Sie sind auf Seite 1von 57

Application Switching

Nortel Application Switch OS 23.0 Planned Features

NORTEL NETWORKS CONFIDENTIAL

Alteon OS 23.0 Major Features


> Customized Application Delivery > Converged Network Intelligence > Secure Switching > Networks and Standards > Management Improvements

Creating a resilient network that intelligently, accelerates and secures converged applications in a global enterprise
PG 2 NORTEL NETWORKS CONFIDENTIAL

Customized Application Delivery


>Workload Manager

>Softricity Softgrid
>Microsoft Windows Terminal Services >P2P Caching >SSL VPN 5.0 > Connection Pooling
Nortel Internal POR / Roadmap ONLY Under Strict NDA

PG 3

NORTEL NETWORKS CONFIDENTIAL

Server Load Balancing Workload Manager


Client1 LB decision has LB decision an added weight based upon based upon network traffic usage of servers to attached servers and devices

Client2
File Systems

Domain Manager

Server Clusters

> Workload Manager monitors server resources Implementation of the SASP protocol IBM Proprietary
Additional factor added to load balancing decision Considers servers CPU, storage, network traffic in the final weight
PG 4 NORTEL NETWORKS CONFIDENTIAL

Configuring WLM
> Configure WLM Load Balancing
/cfg/slb/wlm 1-16 [Workload Manager 1 Menu] addr - Set IP address for Workload Manager port - Set port for Workload Manager del - Delete Workload Manager cur - Display current Workload Manager configuration

> Assign WLM to group (requires configuring the WLM)


/cfg/slb/group 1 [Real Server Group 1 Menu] wlm Set Workload Manager number

> Display statistics for WLM


/stats/slb/wlm Enter Workload Manager number (1-16):

> Display Information


/info/slb/wlm
PG 5 NORTEL NETWORKS CONFIDENTIAL

SoftGrid Servers Load Balancing


Client1 Requires Word & Powerpoint
Word & Powerpoint Delivered

Dumb terminals

SoftGrid Servers

Client2 Requires only Powerpoint

Powerpoint Delivered

Applications loaded on these servers

> Softricity SoftGrid Delivering resources as needed - Same concept as power grid - client uses apps only when required Load balancing at Layer 7 not just layer 4
PG 6 NORTEL NETWORKS CONFIDENTIAL

Configuring SoftGrid Servers


> Configure SoftGrid Load Balancing
/cfg/slb/virt <virtual server number> /service rtsp
[Virtual Server <virtual server number> rtsp Service Menu] softgrid - Enable/disable SoftGrid load balancing If SoftGrid is enabled, regular RTSP load balancing will not be available for that service.

PG 7

NORTEL NETWORKS CONFIDENTIAL

WTS Load Balancing


Client1 Typical LB Load do decisions Balancing not guarantee with the reaching persistency same server

Client2

Session Directory

Window Servers

> Support for Microsoft Windows Terminal Services Load balancing with persistency WTS Health Checking
PG 8 NORTEL NETWORKS CONFIDENTIAL

WTS Load Balancing Configuration


> Configure WTS Load Balancing
/cfg/slb/virt <virtual server number> /service 3389
[Virtual Server <virtual server number> 3389 Service Menu] wts WTS Load Balancing Menu [WTS loadbalancing and persistence Menu] userhash - Enable userhash when there is no Session Directory Server ena - Enable WTS load balancing and persistence dis - Disable WTS load balancing and persistence cur - Display current WTS configuration

PG 9

NORTEL NETWORKS CONFIDENTIAL

Customized Application Delivery


> P2P Cache Load Balancing
Redirects traffic @ L7 without delayed binding Configure P2P cache LB (transparent proxy redirection)
/cfg/slb/real <real server number> /adv [Real Server <real server number> Advanced Menu] subdmac - Enable/disable destination MAC address substitution

> Connection Pooling


Improves SLB performance Offloads TCP setup and tear down on servers Configure connection pooling
/cfg/slb/virt/ <virtual server number> /service 80 /http [Http Load Balancing Menu] pooling - Enable/disable connection pooling for HTTP traffic

Statistics for connection pooling


/stats/slb/layer7 [Layer7 Statistics Menu] pooling Show connection pooling stats
PG 10 NORTEL NETWORKS CONFIDENTIAL

Alteon OS 23.0 Major Features


> Customized Application Delivery > Converged Network Intelligence > Secure Switching > Networks and Standards > Management Improvements

Creating a resilient network that intelligently, accelerates and secures converged applications in a global enterprise

PG 11

NORTEL NETWORKS CONFIDENTIAL

Continuing to Deliver Resilient VoIP -1


> SIP Operator Defined Port
Allow the operator to change server SIP port to other than UDP 5060 Configure operator defined port
/cfg/slb/virt 1/service 5060/rport xxxx

> SIP Refer Method Support


Enable support for SIP Refer method for SIP proxy LB Required for call transfer services No configuration required

PG 12

NORTEL NETWORKS CONFIDENTIAL

Continuing to Deliver Resilient VoIP -2


> SIP parsing (SIP NAT and Gleaning)
Provides SIP NAT functionality Inspects SIP traffic to determine RTP ports Open required pinholes and applies contracts Configure SIP parsing
/cfg/slb/filt <filter number> /adv/layer7/ sip

[Layer 7 SIP Menu] rtpcont - Set BW contract for SIP RTP sessions sipp - Enable/disable SIP parsing cur - Display current SIP configuration

> SIP Options Health Check


Support SIP health check type based on SIP OPTIONS (like HTTP and RTSP) Current SIP health check initiates a SIP PING Configuration
cfg/slb/group <group number> /health<sipoptions>
PG 13 NORTEL NETWORKS CONFIDENTIAL

Continuing to Deliver Resilient VoIP -3


Example of SIP Option transaction
OPTIONS 47.80.23.195 SIP/2.0 Via: SIP/2.0/UDP 47.80.23.242; Max-Forwards: 70 To: <sip:47.80.23.195> From: <usertest@alteon.com> Call-ID: 45454545454 CSeq: 1 OPTIONS Contact: <usertest@alteon.com> Accept: application/sdp Content-Length: 0 SIP/2.0 200 OK Via: SIP/2.0/UDP 47.80.23.242 To: <sip:47.80.23.195> From: <usertest@alteon.com> Call-ID: 45454545454 CSeq: 2 OPTIONS Contact: <usertest@alteon.com> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE Accept: application/sdp Content-Type: application/sdp Content-Length: 0
PG 14 NORTEL NETWORKS CONFIDENTIAL

Alteon OS 23.0 Major Features


> Customized Application Delivery > Converged Network Intelligence > Secure Switching > Networks and Standards > Management Improvements

Creating a resilient network that intelligently, accelerates and secures converged applications in a global enterprise

PG 15

NORTEL NETWORKS CONFIDENTIAL

Secure Switching
> Expanded Dos Attack Protection
Extend DoS support to include additional DoS signatures

> Nortel TPS Enforcement Point


Threats detected are blocked by switch

> Enhanced Intelligent traffic Management


Symantec First Attack Protection Multi-packet Inspection Bogon filtering Socket Based BWM Statistics Transfer Packet Counters Contract Based Mirroring

PG 16

NORTEL NETWORKS CONFIDENTIAL

Expanded DoS Attack Protection - 1


> The following lists all DoS attacks in v23.0
iplen : IPv4 packets with bad IP header or payload length ipversion : IPv4 packets with IP version not 4. broadcast : IPv4 packets with broadcast source or destination IP loopback : IPv4 packets with loopback source or destination IP land : IPv4 packets with same source and destination IP ipreserved : IPv4 packets with IP reserved bit is set ipttl : IPv4 packets with small IP TTL ipprot : IPv4 packets with IP protocol unassigned or reserved ipoptlen : IPv4 packets with bad IP options length fragmoredont: IPv4 packets with more fragments and dont fragment bit set fragdata IPv4 packets with more fragments bit set and small payload fragboundary: IPv4 packets with more fragments bit set and payload not at 8-byte boundary

PG 17

NORTEL NETWORKS CONFIDENTIAL

Expanded DoS Attack Protection - 2


> The following lists all DoS attacks in v23.0
fraglast : IPv4 packets last fragment without payload fragdontoff : IPv4 packets with non-zero fragment offset and don't fragment bits set fragopt : IPv4 packets with non-zero fragment offset and IP options fragoff : IPv4 packets with small non-zero fragment offset fragoversize: IPv4 packets with non-zero fragment offset and oversize payload tcplen : TCP packets with bad TCP header length tcpportzero : TCP packets with source or destination port is zero tcpreserved : TCP packets with TCP reserved bit is set finscan : TCP packets with only FIN bit is set vecnascan : TCP packets with only URG or PUSH or URG|FIN or PSH|FIN or URG|PSH bits are set synfinscan : TCP packets with SYN and FIN bits are set

PG 18

NORTEL NETWORKS CONFIDENTIAL

Expanded DoS Attack Protection - 3


> The following lists all DoS attacks in v23.0
tcplen : TCP packets with bad TCP header length tcpportzero : TCP packets with source or destination port is zero tcpreserved : TCP packets with TCP reserved bit is set finscan : TCP packets with only FIN bit is set vecnascan : TCP packets with only URG or PUSH or URG|FIN or PSH|FIN or URG|PSH bits are set synfinscan : TCP packets with SYN and FIN bits are set flagabnormal: TCP packets with abnormal control bits combination syndata : TCP packets with SYN bit set and with payload synfrag : TCP packets with SYN bit is set and more fragments bit is set ftpport : TCP packets with SPORT=20, DPORT<1024 and SYN bit is set dnsport : TCP packets with SPORT=53, DPORT<1024 and SYN bit is set seqzero : TCP packets with sequence number is zero
PG 19 NORTEL NETWORKS CONFIDENTIAL

Expanded DoS Attack Protection -4


> The following lists all DoS attacks in v23.0
ackzero : TCP packets with acknowledgement number is zero and ACK bit is set tcpoptlen : TCP packets with bad TCP options length udplen : UDP packets with bad UDP header length udpportzero : UDP packets with source or destination port is zero fraggle : UDP packets to broadcast destination IP (x.x.x.255) pepsi : UDP packets with SPORT=19, DPORT=7 or SPORT=7 DPORT=19 icmplen : ICMP packets with bad ICMP header length rc8 : UDP packets with SPORT=7 and DPORT=7. snmpnull : UDP packets with DPORT=161 and without payload smurf : ICMP ping requests to a broadcast destination IP (x.x.x.255) icmpdata : ICMP packets with zero fragment offset and large payload icmpoff : ICMP packets with large fragment offset icmptype : ICMP packets with type is unassigned or reserved.
PG 20 NORTEL NETWORKS CONFIDENTIAL

Expanded DoS Attack Protection - 5


> The following lists all DoS attacks in v23.0
igmplen : IGMP packets with bad IGMP header length. i.e. IGMP packets with - IP data length < 8 bytes igmpfrag : IGMP packets with more fragments bit is set or non-zero fragment offset. igmptype : IGMP packets with type is unassigned or reserved arplen : ARP request or reply packets with bad length arpnbcast : ARP request packets with non broadcast destination MAC arpnucast : ARP reply packets with non unicast destination MAC arpspoof : ARP request or reply packets with mismatch source with sender MACs or destination with target MACs garp : ARP request or reply packets with same source and destination IP ip6len : IPv6 packets with bad header length ip6version : IPv6 packets with IP version not 6

PG 21

NORTEL NETWORKS CONFIDENTIAL

DoS Attack Protection Configuration - 1


/cfg/sec/dos [DoS Attack Prevention Menu] ipttl - Set the smallest allowable IP ttl for ipttl Ipprot - Set the highest allowable IP protocol for ipprot fragdata - Set the smallest allowable IP fragment payload for fragdata fragoff - Set the smallest allowable IP fragment offset for fragoff syndata - Set the largest allowable TCP SYN payload for syndata Icmpdata - Set the largest allowable ICMP payload for icmpdata help - DoS attack prevention description cur - Display current DoS attack prevention /cfg/sec/dos/cur Current DoS attack prevention settings: ipttl 1, ipprot 137, fragdata 32, fragoff 4, syndata 0, icmpdata 800

PG 22

NORTEL NETWORKS CONFIDENTIAL

DoS Attack Protection Configuration - 2


/cfg/sec/port <port number>

[Port <port number> Menu] add - Add DoS attack to prevention aadd - Add all protocol anomaly/DoS attack to prevention rem - Remove DoS attack from prevention arem - Remove all protocol anomaly/DoS attack from prevention help - DoS attack prevention description

PG 23

NORTEL NETWORKS CONFIDENTIAL

Nortel TPS Enforcement Point -1

Out of path monitoring with in path enforcement

Enforcement Instructions

Terminate existing sessions and stop new sessions


Nortel TPS

Event Monitoring

Nortel Application Switch


Event Monitoring

Nortel Defense Center Event Analysis

Retrieve instructions from events learned elsewhere

Nortel TPS

Client Network

Server Farm / Data Center


PG 24

POE / WI-LAN
NORTEL NETWORKS CONFIDENTIAL

Nortel TPS Enforcement Point -2


> Nortel TPS Enforcement Point
Dynamically add/remove filters/ACLs Syslog captures addition/deletion of filters/ACLs Manually set filters/ACLs ACLs can be issued to
block source IP block destination IP block source network block destination network delete session

PG 25

NORTEL NETWORKS CONFIDENTIAL

Enhanced ITM -1
> Symantec First Attack Protection (Maintenance Release)
Integrate Symantec IPS Engine

> Multi-packet Inspection


Permit the chaining of pattern groups Match multiple patterns across multiple IPv4 packets Configure multi-packet inspection
/cfg/slb/filt <filter number> /adv/sec/parsechn

> Socket Based BWM Statistics Transfer


Change BWM statistics transfer from SMTP to Socket Based User configurable default SMTP Configure socket based stats
/cfg/bwm/email disable /cfg/bwm/report <ipaddress> report - Set IP address of Reporting server

PG 26

NORTEL NETWORKS CONFIDENTIAL

Enhanced ITM -2
> Packet Counters
Extend current stats to maintain BWM statistics for packet count per contract Permits the calculation of avg packet size

> Contract Based Mirroring


Available in maintenance mode Used to isolate traffic for troubleshooting / analysis Configure
/cfg/bwm/cont x pmirr - Set monitoring port for packet mirroring

> Bogon Filtering

PG 27

NORTEL NETWORKS CONFIDENTIAL

Automated BOGON Support

BOGONs (Bogus Networks) are unassigned IP Address Ranges

BOGONs should NEVER be seen entering or exiting your network

BOGON ranges are commonly used to spoof IPv4 packets for large-scale attacks

Not efficient to manage 8k+ ever changing filters UNTIL NOW!


PG 28 NORTEL NETWORKS CONFIDENTIAL

Content Switching Enhancements -1


> Stateful Failover Supports session failover on service basis Services supported are SIP, FTP & NAT filters Uses proprietary protocol NAAP

Configure stateful failover


/cfg/slb/port <port number> /intersw /cfg/slb/virt <virtual server number> /service <service number> mirror enable/disable session mirroring /cfg/slb/filt x/adv/mirror

Statistics
/stats/slb/mirror
PG 29 NORTEL NETWORKS CONFIDENTIAL

Content Switching Enhancements - 2


> Port Teaming
Allows ports to be grouped so that link failure of one, drops link from all in the group For example drop firewall side link if ingress link fails Configure port teaming
/cfg/l2/team <team number> [Port team <team number> Menu] addport - Add port to team Remport - Remove port from team Addtrunk - Add trunk group to team remtrunk - Remove trunk group from team Ena - Enable port team dis - Disable port team del - Delete port team cur - Display current port team configuration

Information
/info/l2/team
PG 30 NORTEL NETWORKS CONFIDENTIAL

Content Switching Enhancements - 3


> VPNLB Persistence
Glue the IPSEC connection to the existing IKE connection Required when VPN link flaps because hash will send IPSEC connection back to original server but IKE connection is elsewhere

PG 31

NORTEL NETWORKS CONFIDENTIAL

Content Switching Enhancements - 4


> Buddy Server Health Check
Ability to tie the load balanced servers health to a non loadbalanced server Real Server is only marked up when buddy server is available buddy server may use different health check NOT same us buddy groups this marks individual server and not server group Configuration
/cfg/slb/real <real server number> /adv/buddyhc <buddy server number> [Buddy Server <buddy server number> health check Menu] addbds - Add Buddy server delbds - Delete Buddy server cur - Display current buddy server configuration

PG 32

NORTEL NETWORKS CONFIDENTIAL

Content Switching Enhancements - 5


> Backup Only Server
Support for Server as Backup ONLY (not overflow) Allows operator to impose maximum session capacity (paid services) and still provide for resiliency Configure backup only server
/cfg/slb/real <real server number> [Real Server <real server number> Menu] Overflo Enable/disable backup on overflow

> Configurable Session Timeout per Service


Provide different session timeout values on a per service basis Custom timeout values per service, only available for filters now Configure timeout per service
/cfg/slb/virt <virtual server number> /service 80 [Virtual Server <virtual server number> http Service Menu] Tmout Set minutes inactive connection remains open
PG 33 NORTEL NETWORKS CONFIDENTIAL

Content Switching Enhancements - 6


> Send Resets when Switch DENYs a TCP Packet
Switch sends RST instead of waiting for server to timeout Alternative server needs to time out the connections

> Configurable RTSP Control Port


Allow the operator to specify the RTSP control port Currently fixed to 554 Configure RTSP control port
/cfg/slb/virt <virtual server number> service 100/rtsp [RTSP Load Balancing Menu] rtspslb Set RTSP URL Load balancing type

> Proxy Support Insert Cookie Mode


Insert Cookie mode when operating in a proxied environment

PG 34

NORTEL NETWORKS CONFIDENTIAL

Alteon OS 23.0 Major Features


> Customized Application Delivery > Converged Network Intelligence > Secure Switching > Networks Standards > Management Improvements

Creating a resilient network that intelligently, accelerates and secures converged applications in a global enterprise

PG 35

NORTEL NETWORKS CONFIDENTIAL

Network Standards
>V23.0 provides support for the following standards
Phase 1 IPv6 XML Configuration API Hosted Overlap NAT Support RIPv2 802.1s and 802.1w

PG 36

NORTEL NETWORKS CONFIDENTIAL

Phase 1 IPv6 -1
Includes IPv6 GW, Static Route, VIP, Filter (allow | deny), Management Port = IPv4 Configure IPv6
/cfg/l3/ip/if <interface number> [IP Interface <interface number> Menu] ipver - Set IP version mask - Set subnet mask/prefix length >> IP Interface <interface number> # ipver Current ip version: v4 Enter ip version: v6 >> IP Interface <interface number> # mask Current Prefix length: 0 Pending new Prefix length: 64 Enter new Prefix length [1-128]: 64

PG 37

NORTEL NETWORKS CONFIDENTIAL

IPv6 -2
Configuration continued:
>> Main# /cfg/l3/gw Enter default gateway number: (1-259) 1 [Default gateway 1 Menu] ipver - IP version >> Default gateway 1# ipver Current ip version: v4 Enter ip version: v6 >> Layer 4# /cfg/slb/vir <virtual server number> [Virtual Server <virtual server number> Menu] ipver - Set IP version >> Virtual Server <virtual server number># ipver Current ip version: v4 Enter ip version: v6
PG 38 NORTEL NETWORKS CONFIDENTIAL

IPv6 - 3
Filter Configuration
>> Main# /cfg/slb/filt <filter number> [Filter <filter number> Menu] ipver - Set IP version

New command
Ping 6 to ping ipv6 address

Statistics
/stats/l3/ipv6

PG 39

NORTEL NETWORKS CONFIDENTIAL

IPv6 - 4
Information
>> IP# /info/l3/

[Layer 3 Menu] route6 - IPv6 Routing Information Menu nbrcache - IPv6 Neighbor Cache Information Menu >> Layer 3# route6 [IPv6 Routing Menu] dump - Show all routes >> IPv6 Address Resolution Protocol# /i/l3/nbrcache

[IPv6 Address Resolution Protocol Menu]


dump - Show all IP6 neighbor cache entries

PG 40

NORTEL NETWORKS CONFIDENTIAL

IPv6 - 5
Information continued
>> Server Load Balancing Information# /info/slb/sess [Session Table Information Menu] cip6 - Show all session entries with source IP6 address dip6 - Show all session entries with destination IP6 address dump - Show all session entries >> Session Table Information dump 4 dump 6 dump (dump ip4 and ip6 sessions)

PG 41

NORTEL NETWORKS CONFIDENTIAL

XML Configuration API


Provides common API to manage switch Removes requirement to constantly develop unique APIs

Maps all configuration CLI commands to XML commands Secured transport Configure XML API
/cfg/sys/access/xml xml - Enable/disable XML config access port - Set XML server port number gtcert - Import XML client certificate delcert - Delete XML client certificate dispcert - Display XML client certificate cur - Display current XML config access configuration

PG 42

NORTEL NETWORKS CONFIDENTIAL

Hosted Overlap NAT


Support the NAT of overlapping client IP addresses with unique VLANs Return traffic returned to original client VLAN Configuration
/cfg/slb/adv pvlantag Enable/disable preserving vlan tag during packet forwarding

PG 43

NORTEL NETWORKS CONFIDENTIAL

Alteon OS 23.0 Major Features


> Customized Application Delivery > Converged Network Intelligence > Secure Switching > Networks and Standards > Management Improvements

Creating a resilient network that intelligently, accelerates and secures converged applications in a global enterprise

PG 44

NORTEL NETWORKS CONFIDENTIAL

Management Enhancements
> FTP Transfer Support
Support FTP as transfer alternative to TFTP Supported over data and/or management port
image, config, tsdump and panic dumps upload and download Hostname, filename, user and password are requested

> Configuration Ranges


Permit configuration using ranges for ports, trunks, real servers and filters Ex. /cfg/po 1-10/pvid 5 sets ports 1 through 10 to default VLANID 5

> Comprehensive Boot Logging


Logs S/W version, boot code, firmware during boot process

PG 45

NORTEL NETWORKS CONFIDENTIAL

Management Enhancements
> Port Aliasing
Reference port by name rather than number

> Query Encryption License/ Switch serial number


Obtain encryption licenses or serial number of switch CLI and SNMP

> Delete Specified Session Entry


Allow operator to delete a specific session entry without clearing entire session table

PG 46

NORTEL NETWORKS CONFIDENTIAL

EMS Enhancements
> Job Scheduler
Handles scheduling jobs by users Supported jobs include ITM signature update, Bogon File Update,TSDMP, CFG dump etc.

> SLB Wizard


Intended for first time or novice users Intuitive and Easy to use

> New EMS server


Client Server architecture Entirely rewritten in Java Handles multiple switches Centralized MySQL Database Jetty Webserver

PG 47

NORTEL NETWORKS CONFIDENTIAL

ASEM Server Architecture

PG 48

NORTEL NETWORKS CONFIDENTIAL

Backup Slides

PG 49

NORTEL NETWORKS CONFIDENTIAL

RIPv2 -1
Implement Routing Information Protocol version 2 RFC2453 RIPv2 Password per RIP Interface
Add RIP password name to support the multiple RIPv2 interfaces

Variable length subnet mask in updates Next hop router address Configure RIPv2
/cfg/l3/rip [Routing Information Protocol Menu] if - RIP Interface menu update - Set update period in seconds on - Globally turn RIP ON off - Globally turn RIP OFF current - Display current RIP configuration

PG 50

NORTEL NETWORKS CONFIDENTIAL

RIPv2 -2
>> Routing Information Protocol# if 12 [RIP Interface 12 Menu] version - Set RIP version supply - Enable/disable supplying route updates listen - Enable/disable listening to route updates default - Set default route action poison - Enable/disable poisoned reverse trigg - Enable/disable triggered updates Mcast - Enable/disable multicast updates metric - Set metric auth - Set authentication type key - Set authentication key current - Display current RIP interface configuration

PG 51

NORTEL NETWORKS CONFIDENTIAL

RSTP & MSTP Support -1


> Rapid Spanning Tree (RSTP)
Evolution of 802.1d Supports only single Spanning tree Faster convergence times 3 operational states
Discarding Learning Forwarding

> Multiple Spanning Tree (MSTP)


Extension of RSTP to Multiple Spanning Trees Backward compatible with 802.1d and 802.1w Associates group of vlans to a single spanning tree instance Load balancing Multiple forwarding paths 16 instances and one CIST
PG 52 NORTEL NETWORKS CONFIDENTIAL

RSTP & MSTP -2


Configure RSTP & MSTP
Main# /cfg/l2/ [Layer 2 Menu] mrst - Multiple Spanning Tree/Rapid Spanning Tree Menu cist - Common and Internal Spanning Tree menu name - Set MST region name version - Set Version of this MST region maxhop - Set Maximum Hop Count for MST (6 - 40) mode - Spanning Tree Mode on - Globally turn Multiple Spanning Tree (MSTP/RSTP) ON off - Globally turn Multiple Spanning Tree (MSTP/RSTP) OFF cur - Display current MST parameters

PG 53

NORTEL NETWORKS CONFIDENTIAL

Delivering Resilient Secure VoIP


REGISTER and INVITE John INVITE John SIP 200/OK SIP 200/OK

Solution provides resiliency, with security


Maintains performance with SIP Proxy application level Health checking Offloads Proxys response to SIP client health/info checks Ensures persistence based on the SIP protocol call ID Secures Proxy with wire speed NAT and DoS filtering to ensure minimum latency in IP Telephony networks Secures Traffic with SSL Acceleration

Application Switch

SIP Call Server Clusters

Customer Challenges
> VoIP networks require 5 x 9s uptime > SIP Proxy server is the brain of IP Telephony networks
PG 54

NORTEL NETWORKS CONFIDENTIAL

SIP Proxy Load Balancing


> Manages/distributes SIP traffic over UDP, TCP, and TLS > Failover via SIP Proxy application health checks > Call persistence using call ID or source IP
SIP Clients A B

> Secures Proxy with wire speed NAT


transparent to SIP clients IP addresses of SIP Proxies are hidden to entities on public side of Alteon Switch

Alteon Application Switch

> Intelligent ICMP Error handling If error from foreign SIP host, forwards to
originating local SIP Proxy If error from local SIP Proxy, error not propagated outside local network
PG 55

SIP Call server cluster

NORTEL NETWORKS CONFIDENTIAL

Layered Security

ScanSynFin DoS Attack Anti-Spoofing Worms, Viruses, Trojans Peer-to-Peer Instant Messaging, Internet Radio VoIP

Nortel Internal POR / Roadmap ONLY Under Strict NDA

Limited Guaranteed

PG 56

NORTEL NETWORKS CONFIDENTIAL

Nortel Application Switch Roadmap


> Resilient VoIP > Secure Switching
Connection Management Offload certain functions to specialized hardware Server Cloaking XML acceleration Retry until response is obtained
Inform operator before end users Asymmetric Compression for any protocol Object caching

> Guaranteed Application Delivery


Protocol Optimizations

Creating a resilient network that intelligently, accelerates and secures converged applications in a global enterprise
PG 57 NORTEL NETWORKS CONFIDENTIAL