Unified services gateway
Download
Report
Transcript Unified services gateway
OmniAccess WAN
OA700
Hauke Heinecke
All Rights Reserved © Alcatel-Lucent 2006, #####
Was ist falsch?
2 | Presentation Title | Month 2006
All Rights Reserved © Alcatel-Lucent 2006, #####
OmniAccess 700 Unified Services Gateway
Value Propositions
Reduces cost and complexity of managing enterprise and branch office networks
Unified services gateway for enterprise and branch offices
Simple deployment - both network, voice & security services on one platform
Modular addition of new services on an as-needed basis
Modular system design for fast recovery
Unparalleled high availability to support mission-critical applications
Non-disruptive service upgrades & configuration changes
Insulation of system from failure of any one service
Comprehensive management, always accessible platform
Easy addition of new services via remote upgrades
Easy expansion into new branch sites – ship chassis, remotely configure & provision services
Highly secure infrastructure with ability to respond rapidly to new security threats
Easy addition of new security containment measures & other services via remote upgrades
Open platform to enable integration of customer and partner applications as needed
3 | Presentation Title | Month 2006
All Rights Reserved © Alcatel-Lucent 2006, #####
OmniAccess 700 Unified Services Gateway
Services Gateway Family
OA780
OA740
Purpose-built to simplify enterprise operations
Unified services
Security services (firewall, IDS/IPS, VPN)
Voice services (SIP ALG, QoS)
Network services (switching, routing, QoS)
Branch office services (DNS, DHCP, etc)
100% remote accessibility
Maximum availability
4 | Presentation Title | Month 2006
All Rights Reserved © Alcatel-Lucent 2006, #####
OA720
OmniAccess 700 Service Gateway
Lifeline™ Management
Powerful Software Architecture
Networking:
DNS
RADIUS
SSL VPN
WAN Opt.:
Web Cache
Compression
New Apps:
3rd Party
Custom
Open Source
Storage
Applications
Application Interface
Router
Firewall
VPN
IDS/IPS
QoS
AV
Services
ModuLive OS
T1/E1
5 | Presentation Title | Month 2006
V.35/X.21
ADSL
ISDN
All Rights Reserved © Alcatel-Lucent 2006, #####
Gig E
HW IFs
OmniAccess 700 Unified Services Gateway
Purpose-Built Architecture --> ModuLive™ Operating System
Traditional Router
Firewall
VPN
IDS / IPS
VoIP
Router
Switching
Monolithic Operating System
Monolithic OS is high risk for multiple services down
One failure or upgrade = all services down
OmniAccess 700
Firewall
VPN
IDS
IDS /
/ IPS
IPS
VoIP
Router
Switching
ModuLive™ OS
Modularity = major advantage
in managing services
6 | Presentation Title | Month 2006
Modular, always-live operating system
Start / stop individual software modules
Real-time service addition w/o disruption
Insulate system from failure of any service
All Rights Reserved © Alcatel-Lucent 2006, #####
OmniAccess 700 Unified Services Gateway
Purpose-Built Architecture --> Lifeline™ Management Framework
1st Generation
Early 90s
2nd Generation
Late 90s
Data
Plane
Data
Plane
7 | Presentation Title | Month 2006
Data
Plane
Control
Plane
Control
Plane
Data plane limits
performance &
mgmt access
3rd Generation
OmniAccess today
Data performance
improved, mgmt still
tied to data paths
All Rights Reserved © Alcatel-Lucent 2006, #####
Mgmt
Plane
Full separation of data
& mgmt traffic,
accessible even if main
processing unavailable
High Performance Multi-Service Support with: OnePass™ Packet Processing
Packet Ingress
Packet Ingress
1
Routing
4
Routing
(again)
2
3
5
1
Firewall
Packet Egress
Packet
2
Firewall
Security
Inspection
Multiple
3
Packet
Security
Single
Inspections
Routing
4
Packet Egress
Traditional Branch Office Routers
OmniAccess 700 USG
By inspecting packets only once, processor efficiency increases and
latency remains virtually the same no matter how many services are active
8 | Presentation Title | Month 2006
All Rights Reserved © Alcatel-Lucent 2006, #####
OmniAccess 780 System - Release 2.2 (Hardware)
Features
High-speed PCI-Express switching backplane
~900Kpps forwarding engine
High-redundancy management plane with Lifeline remote
manageability
Built-in 2 GE ports
Redundant power option
System Modules
SE - Services Engine
SF – Switching Fabric
Interface Modules
8 port 10/100/1000 Ethernet switch card
4 port T1/E1 (channelized & unchannelized)
4 ports USP (X.21/V.35)
9 | Presentation Title | Month 2006
All Rights Reserved © Alcatel-Lucent 2006, #####
OA780-CB-A – Chassis Bundle System Overview - Release 2.2 (Hardware)
$9,995
List
OA780 Chassis
3 RU high
10-slots
6-slots for interface modules
2 power supply slots (Rear)
Mid-plane architecture
19” rack mountable
Fan tray
Hot swappable
Console port
Modem port
USB port
OS780-PS400-A
OA780-SF (Switch Fabric)
400 watt (90-240v auto detection)
BTUs
Supports two
Hot Swappable
Internal interconnect for all
modules
OA700-SE (Services Engine)
Main CPU module
10 | Presentation Title | Month 2006
All Rights Reserved © Alcatel-Lucent 2006, #####
OmniAccess 740 System - Release 2.2 (Hardware)
Features
PCI-Express based high-speed switching backplane
~900Kpps forwarding engine
Switching fabric integrated into backplane
Built-in 2 GE ports
System Modules
SE - Services Engine
Interface Modules
8 port 10/100/1000 Ethernet switch card
4 port T1/E1 (channelized & unchannelized)
4 port USP (X.21/V.35)
11 | Presentation Title | Month 2006
All Rights Reserved © Alcatel-Lucent 2006, #####
OA740-CB-A – Chassis Bundle System Overview - Release 2.2 (Hardware)
OA740 Chassis
1 RU high
4-sots
2-slots for interface modules
Single internal AC power supply
19” rack mountable
OA700-SE (Services Engine)
12 | Presentation Title | Month 2006
Main CPU module
All Rights Reserved © Alcatel-Lucent 2006, #####
$4,995
List
Common System and Interface Modules - Release 2.2 (Hardware)
OA7-T1E1-4 (4-Port T1/E1)
Channelized T1 and E1
Unchannelized T1 and E1
Fractional T1 and E1
RJ-45 connections
HDLC, PPP and Frame Relay
Encapsulations: MLFR, MLPPP, HDLC
OA7-GE-8 (L2 Ethernet Switch)
OA700-SE (Service Engine)
2 GHz Opteron CPU
Memory 512MB expandable to 1GB
On board 2 port 10/100/1000 Copper Ethernet
interfaces
Local Mgmt CPU controls/monitors Opteron
Requires a minimum of one in an OA780 or OA740
Consumes 2 slots in the chassis
8 ports of 10/100/1000
Layer 2 switching
RJ-45 connections
OA7-USP-4 (Universal Serial Port)
13 | Presentation Title | Month 2006
4 ports on 2 connectors
V.35, X.21 interfaces
Protocol selection via interface cable
All Rights Reserved © Alcatel-Lucent 2006, #####
OmniAccess 700 USG: Release 2.2 (Software)
OnePass packet processing – Guaranteed performance
ModuLive - Modular software platform for in-service upgrades
Lifeline management framework – Maximum availability
Network services
Routing: RIP, OSPF, BGP, GRE for IP, VRRP, PIM
LAN switching: 802.1Q VLANs, STP, PVST+, Integrated Routing & Bridging (IRB)
WAN: PPP, MLPPP, Frame Relay, MLFR, HDLC, and Ethernet
System: DHCP Relay/Client, DNS client, TFTP/FTP, Telnet
QOS: Hierarchical Queuing, Rate limiting, Shaping, RED, WRED, DSCP/TOS marking
Security
Stateful FW: Stateful packet inspection, Attack detection, NAT, DDOS, ALGs, ACLs, 128K sessions
IPSec VPN: Site-to-Site, 3DES, AES, PKI, NAT traversal, 2.5K VPN tunnels
IDS/IPS: Detection, Prevention modes, Automatic Signature updates, Group-based IDS/IPS
ALGs: SIP, NOEv3 – Dynamic pinhole mgmt
QoS: Strict priority queuing, DSCP (EF) classification & marking
VoIP
14 | Presentation Title | Month 2006
All Rights Reserved © Alcatel-Lucent 2006, #####
Die Gesamtlösung
All Rights Reserved © Alcatel-Lucent 2006, #####
Secure Network Transformation
LAN/WAN Networking Solutions
WLAN
LAN Edge
LAN Aggregation
LAN Core
WAN/MAN
Brick Firewall
OmniAccess 3500
Laptop Guardian
7450/7750
OmniAccess
SafeGuard
OmniAccess
WLAN
OmniStack
LS 6200
OmniSwitch
6850 / L
OmniAccess 700
OmniSwitch
7000/9000
Durchgängige Netzwerk Services
Durchgängiges Netzwerkmanagement – OmniVista / Vital Suite
Endgeräte
WLAN
LAN
TDM
Omni PCX
Enterprise
Genesis
Omni PCX Office
16 | Presentation Title | Month 2006
OTUC
All Rights Reserved © Alcatel-Lucent 2006, #####
Konvergente Wired & Wireless Lösung
Kosteneinsparung
Niedriger CAPEX und OPEX
Geringer
Platzverbrauch
Geringer
Stromverbauch
Geringe
Installationsdauer
Hohe Skalierbarkeit
OmniSwitches verfügen über sehr hohe Portdichten + 10 Gigabit Ethernet
Uplinks. Damit reduzieren sie die Komplexität im Netzwerk
OmniPCX Enterprise: 15K Benutzer, 100K Benutzer bei Vernetzung
Blade Center Unterstützung für Sprache und alle relevante Anwendungen
Weniger Stromverbrauch und Klimatisierungsaufwand
POE: Automatische Erkennung von IP-Telefonen, WLAN Access Points
OmniSwitch 9000 entsprechen US “Green” Standarts durch bis zu 60%
weniger Energieverbauch
Einfachste Administration
Key Points
Am besten skalierbare IPT-Lösung am Markt
Sehr hohe Portdichte
Einzigartiges POE Management
17 | Presentation Title | Month 2006
All Rights Reserved © Alcatel-Lucent 2006, #####
Wired & Wireless Convergence Solutions
Always On
Erweiterte Sicherheit und Verfügbarkeit
Services
“Always On”
100% Sicher
•MPLS
Verfügbarkeit
5x9 Verfügbarkeit für Realtime Dienste wie IPT, Video
Kompromisslose Redundanz
LAN/WAN: Ausgefeiltes Backup Konzept: Media Gateway Backup, PCS,
Hotswap, MPLS Protection
Selbstheilende Komponenten, z.B. WLAN
Sicherheit
802.1X Authentifzierung: Telefon mit Multi-Session Unterstützung im
OmniSwitch
“Dynamic Pinholing” Unterstützung der FW, Voice/data VLAN
Unterstützung, Partition Management, Softphone mit VLAN Support
ITU X.805 framework, Common Criteria certification
Key Points
Bell Labs Expertise in Sicherheitsthemen
Sicherste IP Telephony Lösung (Miercom 06)
Einziges Softphone mit VLAN partitioning
18 | Presentation Title | Month 2006
All Rights Reserved © Alcatel-Lucent 2006, #####
Wired & Wireless Convergence Solutions
Easy to Manage
Einfachste Verwaltung und geringere TCO
Vereinfachung
OmniVista
Einfachstes Management, z.B. QoS und Access Listen
Zentraler Kommunikationsserver
Gemeinsame Verwaltung des Netzwerks für alle Dienste
Zentralisierung
End-to-End Management Lösung
Zentralisierte IP Adress Verwaltung – VitalQIP
Zentralisierte Performance Überwachung – VitalSuite
Zentralisierte Verwaltung von verteilten VPN und Firewall Lösungen - Brick
Key Points
Führende IP-Address Management Lösung
Multivendor Unterstützung/VitalQIP & VitalSuite
Einfache QOS & Security Verwaltung
19 | Presentation Title | Month 2006
All Rights Reserved © Alcatel-Lucent 2006, #####
Wired & Wireless Convergence Solutions
Converged Services
Konvergente Mobility Lösung
Komplett
Services
Benutzer
erkennung
WLAN Netzwerk mit Unterstützung für Sprache
Zentralisierte und skalierbare Voice & Data WLAN Lösung
Integrierte Firewall und Authentifizierungsserver (AAA)
“Voice aware” WLAN Infrastruktur: Schnelles hand over, 802.11e QOS, ARP
proxy, zentralisiertes CAC, Powersaving Modi
Fixed/Mobile Lösung
Kompletter Telefonieservice für jedes Endgerät: WiFi, DECT, GSM
“Dual mode” GSM/SIP WiFi, Partnerschaft mit Nokia
Benutzer- und Geräte Lokalisierung
Key Points
FMC voll in OmniPCX Enterprise integriert
Erste SIP “dual mode” Mobilitätslösung
Zentralisierte WLAN Lösung mit Ultra-Thin AP
20 | Presentation Title | Month 2006
All Rights Reserved © Alcatel-Lucent 2006, #####
Alcatel-Lucent Wired und Wireless konvergente Lösungen als
ONE STOP SHOPPING
Kosten
Optimierung
Alles aus einer Hand
Höchste Skalierbarkeit
Höchste Verfügbarkeit
Geringer Energieverbrauch
Einfach zu
managen
Durchgehende Möbilitätslösung
Sicherste Lösung
Always On
End-to-End Management
Internet Standards
21 | Presentation Title | Month 2006
Konvergente
Dienste
All Rights Reserved © Alcatel-Lucent 2006, #####
www.alcatel-lucent.com
22 | Presentation Title | Month 2006
All Rights Reserved © Alcatel-Lucent 2006, #####