Optimised redundancy for Security Gateway deployments
- Denis Simon
- 5 years ago
1 Optimised redundancy for Security Gateway deployments
2 RECAP:- JUNIPER LTE SECURITY OFFERING
Customer Priorities
- Core elements protection
- RAN and UE protection
- SCTP protection
- Scalability
- Mission critical availability
- Voice over LTE
- Coordinated protection
- Secure business and access to all services from any to any
Juniper LTE Solution: SRX Security Service Gateways
- TL 9000 certification
- In Service SW Upgrades
- NEBS III / DC Power
- CC EAL
- Hot Swap I/O Cards
- ICSA
- 120G FW, 30G IPS, 10M Sessions, 350k SPS, 21M pps (64B)
- IP & GTP & SCTP Firewall, QoS, DoS Protection, IPv6, IPSec, High Availability
Copyright 2011 Juniper Networks, Inc.
3 RESILIENCY CONSIDERATIONS FOR LTE/SEGW
[Diagram labels: MME, Cell sites, eUTRAN, Security Gateway, S-GW, Evolved Packet Core, Services/Internet]
- Catastrophic Act of Nature/Criminality/Terrorism: Geographic site distribution
- Highly available Security Gateway: Clustered mode with IPSec tunnel and S1-U/S1-MME session synchronisation
- Redundant everything: Inter-node cluster links, power feeds and PSUs, physical SeGWs
- Fast failover for latency-sensitive services like VoLTE: Provide lowest possible failover times, under 0.5s
- Maintain signalling: Ensure SeGW does not cause problems with common signalling failover times (800ms)
- Node maintenance: Firmware and hardware upgrades with near-zero downtime
4 ANATOMY OF A REDUNDANT SOLUTION
[Diagram labels: Aggregation site 1, SRX5800 Rear, BACKHAUL, MME, Cell-site, Aggregation site 2, S-GW, Core Site, P-GW]
Geographic Redundant 2+2 High L3 Active/Active redundancy Redundant Availability HA distribution VPN links power Requires Dual Synchronisation BFD Split SCTP used links power inter-site for to signalling supplies provide control of L2 IPSec on and link for dualhomed rapid HA per nodes at failover L3 site in ~300ms No Separate Resilient Failover Mitigates SCTP hard handles time distance against loss physical commonly of subsecond adjacent loss limitations paths of 1 ~1s for data SAs connectivity plane zones for failover best entire routers signalling redundancy feed or failover links or 2 PSUs
Latency between sites must be less than 100ms
5 GEOGRAPHIC CLUSTER DISTRIBUTION
[Diagram labels: HA Links, L2 Infrastructure, Site A, Cluster Jurisdiction, Site B]
- Mitigate catastrophic event by distributing SeGW cluster members between physical sites with L2 connectivity (required)
- No hard maximum distance
- Latency between sites should be less than 100ms
- HA connections can be directly cabled or over a switched infrastructure
- Appnote enclosed explains design guidelines
6 MULTIPLE HA LINKS
[Diagram labels: Node 0 Control plane, Node 1 Control plane, Separate physical paths between sites, Node 0 Dataplane, Node 1 Dataplane, SRX Node 0, SRX Node 1]
- Dual links can be used for control and forwarding plane (Fabric) HA
- Maximum availability of cluster links across distributed sites
- Requires additional Routing Engine (RE) per node for dual control links
- 2 I/O ports per node required for dual Fabric links (1Gbps or 10Gbps)
- Should be cabled over separate physical paths/infrastructures for greatest resilience
7 REDUNDANT POWER OPTIONS
[Diagram labels: Power feed 1, Power feed 2]
- Fully redundant, 2+2 power (DC or high-capacity AC) available
- Dual zones on SRX (as above)
- Dual power feeds in aggregation site should be distributed across zones
  - Eg, Feed 1 goes to PEM 0 and PEM 1, Feed 2 to PEM 2 and PEM 3
- SRX can continue to fully function through loss of
  - Entire single power feed
  - Up to 2 PSUs, providing they are different zones
8 HIGH AVAILABILITY:- CORE FUNCTIONALITY
[Diagram labels: IPSec tunnels, IPSec SA and session sync]
JUNOS HA provides a number of core resilience functions on SeGW
- Synchronisation of IPSec SAs
  - No tunnel re-establishment = minimal downtime for SeGW failover
- Synchronisation of underlying clear-text sessions SCTP and GTP
  - Allows for stateful security and HA for SCTP signalling
- ISSU (In-Service Software Upgrades)*
  - Upgrade JUNOS with minimal downtime (potentially subsecond)
- SPC capacity upgrade
  - Scale performance with minimal downtime (potentially subsecond)
*IPSec support for ISSU coming 2H2012
Copyright 2009 Juniper Networks, Inc.
9 OPTIMISED L3 FAILOVER
[Diagram labels: RAN, L3 forwarding interface (Reth), OSPF/BFD adjacency, Site A, EPC, Site B]
- Use 2 x L3 links up and down stream for optimised failover
- BFD (+DRP) runs between SRX and adjacent aggregation/PE routers
- Loss of aggregation/PE router or a link causes L3 route failover
- HA failover occurs only if both L3 interfaces (up or down stream) on a node are down
- Failover with BFD occurs with an absolute downtime of ~350ms
- Ideal for high priority traffic requirements, eg VoLTE
10 OPTIMISED L3 FAILOVER IPSEC TERMINATION
[Diagram labels: L3 interfaces, Possible IPSec tunnel paths, Aggregation router (site A), Loopback cable, IKE/IPSec termination point, SRX, Aggregation router (site B). NB Logical view only, SRX cluster not shown]
- L3 ingress IP changes as interface fails over
- Needs an agnostic logical interface for IPSec termination
- Loopback Reth
  - A physical interface is kept up with a local loop cable
  - Used as the outgoing interface for IKE negotiation but no traffic traverses the looped cable
  - Can be 1Gbps or 10Gbps, no forwarding needed
- Can be migrated to logical loopback from JUNOS 12.3 (loopback currently not supported for IPSec termination in cluster mode)
11 SIGNALLING OPTIMISATION
[Diagram labels: Association setup (INIT exchange) + primary SCTP path, eNB, Secondary SCTP path, MME]
The problem:-
- SCTP signalling applications typically failover in 800ms or less
- For dual-homed signalling, primary AND secondary paths could both fail in 1.6s
- Under certain conditions, SeGW HA failover takes > 1.6s
- HA failover could lead to complete loss of signalling
The solution:-
- Split the primary and secondary SCTP sessions, both from a RAN path perspective and also an SeGW termination point perspective
- Use Active/Active HA and divide the homing across cluster members
12 SIGNALLING RESILIENCE WITH ACTIVE/ACTIVE HA
[Diagram labels: MS, VPN A, RAN, eNB, VPN B, User plane, Primary SCTP, Secondary SCTP, S-GW, MME]
- SCTP dual-homed association split down dual IPSec tunnels
- In case of loss of primary path or primary SeGW, signalling fails to secondary VPN
- Secondary VPN always up
- Signalling timers (~800ms) are catered for
- User plane is not rerouted to secondary VPN
- Assumes failover time (1-3s) is acceptable for user plane
13 SIGNALLING RESILIENCE WITH ACTIVE/ACTIVE HA FAILOVER WALKTHROUGH
[Diagram labels: MS, VPN A, RAN, eNB, VPN B, User plane, Primary SCTP, Secondary SCTP, 1, 2, S-GW, MME]
- Normal operating conditions: User plane and primary SCTP through RG1, secondary SCTP through RG2
- RG1 failure (eg SRX loses power). User plane forwarding and primary SCTP path lost
- RG1 begins to failover; SCTP detects path down and uses secondary path
- Failover completes, RG1 and RG2 active on same node. User plane traffic resumes
- Primary signalling path recovered through SCTP heartbeats. HA preemption can be optionally configured to failback
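The timing argument of slides 11 to 13, worked through as an added example (not part of the original deck, and not Juniper code). It assumes a simplified SCTP endpoint that declares a path failed 800ms after it stops passing traffic, tries paths one after another, and loses the association once every path has been declared failed; the function and field names are hypothetical.

```python
from dataclasses import dataclass, field

PATH_DETECT_S = 0.8   # slide 11: signalling fails over in ~800ms per path


@dataclass
class Outcome:
    signalling_gap_s: float   # time without a working signalling path
    association_lost: bool    # True when every path was declared failed
    user_plane_gap_s: float   # user plane stays on its own redundancy group
    events: list = field(default_factory=list)   # (time_s, text) tuples


def simulate(path_rgs, ha_failover_s, failed_rg="RG1", user_plane_rg="RG1"):
    """Model one redundancy-group failure.

    path_rgs lists the redundancy group carrying each SCTP path, primary
    first. failed_rg goes down at t=0 and is active again on the peer node
    at t=ha_failover_s; every other redundancy group stays up throughout.
    """
    events = [(0.0, f"{failed_rg} fails")]
    up_gap = ha_failover_s if user_plane_rg == failed_rg else 0.0
    switch_t = 0.0                     # when the endpoint starts using a path
    for n, rg in enumerate(path_rgs, start=1):
        if rg != failed_rg:
            events.append((switch_t, f"path {n} via {rg} carries signalling"))
            return Outcome(switch_t, False, up_gap, events)
        declared_failed = switch_t + PATH_DETECT_S
        if ha_failover_s <= declared_failed:
            events.append((ha_failover_s, f"{rg} failover done, path {n} resumes"))
            return Outcome(ha_failover_s, False, up_gap, events)
        events.append((declared_failed, f"path {n} via {rg} declared failed"))
        switch_t = declared_failed
    events.append((switch_t, "all paths declared failed, association lost"))
    events.append((ha_failover_s, f"{failed_rg} failover done, new INIT exchange needed"))
    return Outcome(ha_failover_s, True, up_gap, events)


def compare(ha_failover_s):
    """Both SCTP paths homed on RG1 versus the split RG1/RG2 design."""
    return {
        "co-homed": simulate(["RG1", "RG1"], ha_failover_s),
        "split": simulate(["RG1", "RG2"], ha_failover_s),
    }


if __name__ == "__main__":
    for design, outcome in compare(3.0).items():
        print(design, outcome.association_lost, outcome.signalling_gap_s)
        for when, what in outcome.events:
            print(f"  t={when:.1f}s  {what}")
```

With a 3s HA failover the co-homed design loses the association at 1.6s, while the split design keeps signalling with an 800ms gap and only the user plane waits for the failover.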
14 A/A ADDITIONAL BENEFIT:- SCTP ALG
[Diagram labels: IP A, RAN, IP B, Primary SCTP, Secondary SCTP, Init exchange, SCTP Association SIP=A,B DIP=C,D, IP D, IP C, MME]
- SCTP Association is synchronised across cluster
- Possible sessions for a given association are clearly defined by src/dst IP addresses in the INIT exchange
- Turning on SCTP ALG allows SCTP to be handled statefully
- Prevents any potential attacks listed in RFC5062, eg hijacking, bombing
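A sketch of the stateful idea on slide 14, added here as an example (it is not the Junos SCTP ALG and not from the original deck): the address lists in the INIT and INIT ACK define the only permitted src/dst pairs, and later packets are checked against that table and against the verification tags. The addresses, tags and class name are constructed for illustration; the chunk layout follows RFC 4960.

```python
import ipaddress
import struct

INIT, INIT_ACK = 1, 2             # SCTP chunk types (RFC 4960)
PARAM_IPV4, PARAM_COOKIE = 5, 7   # IPv4 Address and State Cookie parameters
S1AP_PORT = 36412                 # SCTP port registered for S1AP (S1-MME)
ENB = ["10.0.0.1", "10.0.1.1"]        # constructed addresses A, B
MME = ["192.0.2.10", "192.0.2.20"]    # constructed addresses C, D


def build_init(ctype, sport, dport, vtag, init_tag, addrs, cookie=b""):
    """Construct a minimal INIT / INIT ACK for the demo (checksum left 0)."""
    params = b""
    if cookie:   # padded to a 4-byte boundary; the length field excludes padding
        params += struct.pack("!HH", PARAM_COOKIE, 4 + len(cookie))
        params += cookie + b"\0" * (-len(cookie) % 4)
    for a in addrs:
        params += struct.pack("!HH", PARAM_IPV4, 8) + ipaddress.IPv4Address(a).packed
    body = struct.pack("!IIHHI", init_tag, 65535, 2, 2, 1) + params
    chunk = struct.pack("!BBH", ctype, 0, 4 + len(body)) + body
    return struct.pack("!HHII", sport, dport, vtag, 0) + chunk


def parse_init(packet, ip_src):
    """Return (chunk type, initiate tag, address set) of an INIT / INIT ACK.
    The IP source address of the packet always belongs to the set."""
    if len(packet) < 32:              # 12-byte common header + 20-byte chunk
        raise ValueError("truncated INIT")
    ctype, _flags, clen = struct.unpack_from("!BBH", packet, 12)
    if ctype not in (INIT, INIT_ACK) or clen < 20 or 12 + clen > len(packet):
        raise ValueError("not a well-formed INIT / INIT ACK")
    (init_tag,) = struct.unpack_from("!I", packet, 16)
    addrs, off, end = {ip_src}, 32, 12 + clen
    while off + 4 <= end:
        ptype, plen = struct.unpack_from("!HH", packet, off)
        if plen < 4 or off + plen > end:
            raise ValueError("bad parameter length")
        if ptype == PARAM_IPV4:
            if plen != 8:
                raise ValueError("bad IPv4 Address parameter")
            addrs.add(str(ipaddress.IPv4Address(packet[off + 4:off + 8])))
        off += (plen + 3) & ~3        # skip the parameter and its padding
    return ctype, init_tag, addrs


class AssociationTable:
    """Per-association path allowlist learned from the INIT exchange."""

    def __init__(self):
        self.assocs = {}   # (initiator port, responder port) -> state tuple

    def learn(self, init_pkt, init_src, ack_pkt, ack_src):
        t1, tag_a, side_a = parse_init(init_pkt, init_src)
        t2, tag_b, side_b = parse_init(ack_pkt, ack_src)
        sport, dport, _ = struct.unpack_from("!HHI", init_pkt, 0)
        a_sport, a_dport, a_vtag = struct.unpack_from("!HHI", ack_pkt, 0)
        if (t1, t2) != (INIT, INIT_ACK) or (a_sport, a_dport) != (dport, sport):
            raise ValueError("packets do not form an INIT exchange")
        if a_vtag != tag_a:
            raise ValueError("INIT ACK does not carry the initiator's tag")
        self.assocs[(sport, dport)] = (side_a, tag_a, side_b, tag_b)
        return sorted((s, d) for s in side_a for d in side_b)

    def permits(self, src, dst, packet):
        """True if the packet uses a declared path and the receiver's tag."""
        if len(packet) < 12:
            return False
        sport, dport, vtag = struct.unpack_from("!HHI", packet, 0)
        fwd = self.assocs.get((sport, dport))      # initiator -> responder
        if fwd and src in fwd[0] and dst in fwd[2] and vtag == fwd[3]:
            return True
        rev = self.assocs.get((dport, sport))      # responder -> initiator
        return bool(rev and src in rev[2] and dst in rev[0] and vtag == rev[1])


def demo():
    """Learn SIP=A,B DIP=C,D from a constructed exchange, then test packets."""
    table = AssociationTable()
    init = build_init(INIT, S1AP_PORT, S1AP_PORT, 0, 0x1111, ENB)
    ack = build_init(INIT_ACK, S1AP_PORT, S1AP_PORT, 0x1111, 0x2222, MME,
                     cookie=b"demo!")
    paths = table.learn(init, ENB[0], ack, MME[0])

    def data(vtag):   # common header only, enough for the check
        return struct.pack("!HHII", S1AP_PORT, S1AP_PORT, vtag, 0)

    return paths, {
        "A->C": table.permits(ENB[0], MME[0], data(0x2222)),
        "B->D": table.permits(ENB[1], MME[1], data(0x2222)),
        "D->A": table.permits(MME[1], ENB[0], data(0x1111)),
        "undeclared source": table.permits("203.0.113.9", MME[0], data(0x2222)),
        "wrong tag": table.permits(ENB[0], MME[0], data(0x9999)),
    }
```

Because the table is keyed only on what the INIT exchange declared, it is also the state a cluster would have to synchronise for the secondary path to be accepted on the other node.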
15 USER PLANE FAILOVER WITH DUAL TUNNEL
- User plane failover requires a mechanism to detect that the tunnel is down (or not passing traffic due to a problem in the path)
- This could be DPD
  - Tends to have long timers which do not facilitate rapid failover
  - 30s+ common for DPD to detect tunnel down
  - Checks tunnel liveness only via IKE (does not extend to forwarding plane checking)
- Could also be a DRP
  - Not necessarily supported on eNBs
16 FUTURE FOR TUNNEL FAILOVER BFDoIPSEC?
- BFD could offer a solution
  - Could be run in conjunction with static routes
  - Granular timing options for BFD keepalives
  - 50ms is typical minimum
  - Can give high speed failover between tunnels including user plane
- Currently supported over IPSec on SRX
- Not supported on all (any?) base stations today, but planned*
*caveat:- Juniper is not a basestation vendor, this is what we have heard!
17 GEOGRAPHIC MIGRATION OF SEGW
[Diagram labels: S-GW, MME. Callout: One VPN migrated; traffic failed over; 2nd VPN migrated]
- SeGW deployments tending towards a large scale centralised deployment
- A more distributed architecture has advantages
  - More efficient X2 transport
  - Minimal impact of SeGW node failure
  - Lower performance requirements per node
- Loopback termination of IPSec VPNs could offer a simple migration path in conjunction with A/A
  - Dual tunnels could exist on different clusters during migration
18 SEGW:- REDUNDANCY SUMMARY MATRIX

| Requirement | Solution component | Notes |
|---|---|---|
| Redundant power | 2+2 PSUs | Dual feeds per site required |
| Redundant HA links | Dual control/dual data plane HA links | Links pairs should traverse disparate paths |
| High Availability | SRX cluster | Provides IPSec SA and session synchronisation |
| Fast failover at L3 | Dual L3 links with BFD | Mitigates loss of adjacent routers or links |
| Signalling failover | Active/Active Dual tunnel | Design may not be supported by all radio vendors |
| Geographic redundancy | Dispersed cluster | L2 needed between sites |
19 Permanent Tunnel Initial Tunnel RELAY PROVISIONING AUTO CONFIGURATION PROTOCOL WORKFLOW eNodeB SGW DHCP (can be coresident on SRX) DHCP: en- & operator specific / / PKI FE 1 PKI - BE Authenticate to Operator's CA with eNB vendor Certificate & key signing request Create, sign & download operator's eNB Certificate Create Temporary IPSec Tunnel Conf Server PKI FE 2 REBOOT Create Permanent IPSec Tunnel
20 JUNIPER SRX AS SEGW:- INVESTMENT PROTECTION AND FUTURE SCALE
Hardware Refresh:- Key points Backward compatible - Low upgrade cost Operational Simplicity No change to security config Investment Protection
Non-stop services: Redundant components, Stateful HA, In-service SW upgrade, In-service HW upgrade
Performance Scale: Next-generation SPC, 2x-3x boost in performance, Up to 8x jump in scale, Headroom for future growth
21
Deployment Guide for SRX Series Services Gateways in Chassis Cluster Configuration
Deployment Guide for SRX Series Services Gateways in Chassis Cluster Configuration Version 1.2 June 2013 Juniper Networks, 2013 Contents Introduction... 3 Chassis Cluster Concepts... 4 Scenarios for Chassis
More informationSRX Services Gateway Cluster Deployments Across Layer Two Networks. Deployment requirements for SRX cluster connectivity across layer two networks
SRX Services Gateway Cluster Deployments Across Layer Two Networks Deployment requirements for SRX cluster connectivity across layer two networks Introduction Stateful firewall clustering has traditionally
More informationNetwork Configuration Example
Network Configuration Example Configuring SRX Chassis Clusters for High Availability Modified: 2018-09-26 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net
More informationNetwork Configuration Example
Network Configuration Example Configuring a Single SRX Series Device in a Branch Office Modified: 2017-01-23 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net
More informationSecurity Everywhere Within Juniper Networks Mobile Cloud Architecture. Mobile World Congress 2017
Security Everywhere Within Juniper Networks Mobile Cloud Architecture Mobile World Congress 2017 Agenda Challenges and Trends Use Cases and Solutions Products and Services Proof Points Juniper s Mobile
More information5G: an IP Engineer Perspective
5G: an Engineer Perspective Igor Giangrossi Principal Consulting Engineer /Optical Networks igor.giangrossi@nokia.com 1 NANOG 75 A Brief History of Mobile Networks From analog voice to high speed Internet
More informationCluster Upgrade. SRX Series Services Gateways for the Branch Upgrade Junos OS with Minimal Traffic Disruption and a Single Command APPLICATION NOTE
APPLICATION NOTE Simple Chassis Cluster Upgrade SRX Series Services Gateways for the Branch Upgrade Junos OS with Minimal Traffic Disruption and a Single Command Copyright 2013, Juniper Networks, Inc.
More informationCisco 5921 Embedded Services Router
Data Sheet Cisco 5921 Embedded Services Router The Cisco 5921 Embedded Services Router (ESR) is a Cisco IOS software router application. It is designed to operate on small, low-power, Linux-based platforms
More informationA. Verify that the IKE gateway proposals on the initiator and responder are the same.
Volume: 64 Questions Question: 1 You need to configure an IPsec tunnel between a remote site and a hub site. The SRX Series device at the remote site receives a dynamic IP address on the external interface
More informationNetwork Virtualization. Duane de Witt
Network Virtualization Duane de Witt nv Edge System Overview System Deep Dive nv System Overview System Deep Dive NV EDGE SYSTEM OVERVIEW SUPERIOR, SIMPLE NETWORK DUAL-HOMING SOLUTION L3 Router dualhoming
More informationCisco Group Encrypted Transport VPN
Cisco Group Encrypted Transport VPN Q. What is Cisco Group Encrypted Transport VPN? A. Cisco Group Encrypted Transport is a next-generation WAN VPN solution that defines a new category of VPN, one that
More informationVeloCloud Cloud-Delivered WAN Fast. Simple. Secure. KUHN CONSULTING GmbH
VeloCloud Cloud-Delivered WAN Fast. Simple. Secure. 1 Agenda 1. Overview and company presentation 2. Solution presentation 3. Main benefits to show to customers 4. Deployment models 2 VeloCloud Company
More informationLTE CONVERGED GATEWAY IP FLOW MOBILITY SOLUTION
LTE CONVERGED GATEWAY FLOW MOBILITY SOLUTION John Cartmell InterDigital Melville, New York, USA john.cartmell@interdigital.com ABSTRACT Flow Mobility (IFOM) is a feature defined in the 3GPP standards.
More informationDAY 2. HSPA Systems Architecture and Protocols
DAY 2 HSPA Systems Architecture and Protocols 1 LTE Basic Reference Model UE: User Equipment S-GW: Serving Gateway P-GW: PDN Gateway MME : Mobility Management Entity enb: evolved Node B HSS: Home Subscriber
More informationHigh Availability Synchronization PAN-OS 5.0.3
High Availability Synchronization PAN-OS 5.0.3 Revision B 2013, Palo Alto Networks, Inc. www.paloaltonetworks.com Contents Overview... 3 Device Configuration... 4 Network Configuration... 9 Objects Configuration...
More informationAccelerating 4G Network Performance
WHITE PAPER Accelerating 4G Network Performance OFFLOADING VIRTUALIZED EPC TRAFFIC ON AN OVS-ENABLED NETRONOME SMARTNIC NETRONOME AGILIO SMARTNICS PROVIDE A 5X INCREASE IN vepc BANDWIDTH ON THE SAME NUMBER
More informationBarracuda Link Balancer
Barracuda Networks Technical Documentation Barracuda Link Balancer Administrator s Guide Version 2.3 RECLAIM YOUR NETWORK Copyright Notice Copyright 2004-2011, Barracuda Networks www.barracuda.com v2.3-111215-01-1215
More informationENTERPRISE SECURITY MANAGEMENT. Frederick Verduyckt 20 September 2012
ENTERPRISE SECURITY MANAGEMENT Frederick Verduyckt 20 September 2012 SETTING THE AGENDA FOR THE NEXT DECADE JUNIPER NETWORKS IS TRANSFORMING THE EXPERIENCE AND ECONOMICS OF NETWORKING 2 Copyright 2012
More informationOverview of the Juniper Networks Mobile Cloud Architecture
Overview of the Juniper Networks Mobile Cloud Architecture Laying the Foundation for a Next-Generation Secure Distributed Telco Cloud White Paper June 2017 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale,
More informationJunos Security. Rob Cameron, Brad Woodberg, Patricio Giecco, O'REILLY. Tim Eberhard, andjames Quinn INFORMATIQNSBIBLIOTHEK UNIVERSITATSBIBLIOTHEK
Junos Security Rob Cameron, Brad Woodberg, Patricio Giecco, Tim Eberhard, andjames Quinn TECHNISCHE INFORMATIQNSBIBLIOTHEK UNIVERSITATSBIBLIOTHEK HANNOVER O'REILLY Beijing Cambridge Farnham Kiiln Sebastopol
More informationNetwork Configuration Example
Network Configuration Example Deploying Secure Multicast Market Data Services for Financial Services Environments Modified: 2016-07-29 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089
More informationLTE Relay Node Self-Configuration
12th IFIP/IEEE IM 2011: Application Session IM 2011 Application Session LTE Relay Node Self-Configuration Péter Szilágyi, Henning Sanneck Nokia Siemens Networks Research 1 Nokia Siemens Networks LTE Relay
More information5G voice network evolution aspects. Voice over NR in a 5G System and migration from Evolved Packet System Fallback. Paper 3
5G voice network evolution aspects Voice over NR in a 5G System and migration from Evolved Packet System Fallback Paper 3 2 Ericsson 5G voice network evolution aspects Abstract This document is part of
More informationJ-series High Availability
Application Note J-series High Availability Configuring and Deploying the J-series Chassis Cluster Feature Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408.745.2000
More informationJunos Security (JSEC)
Junos Security (JSEC) Course No: EDU-JUN-JSEC Length: 5 days Schedule and Registration Course Overview This five-day course covers the configuration, operation, and implementation of SRX Series Services
More informationJuniper Security Update. Karel Hendrych Juniper Networks
Juniper Security Update Karel Hendrych Juniper Networks khe@juniper.net Agenda High End SRX security gateways Overview, SRX1400 JunOS update AppSecure Competitive 2 Copyright 2009 Juniper Networks, Inc.
More information21CTL Disaster Recovery, Workload Mobility and Infrastructure as a Service Proposal. By Adeyemi Ademola E. Cloud Engineer
21CTL Disaster Recovery, Workload Mobility and Infrastructure as a Service Proposal By Adeyemi Ademola E. Cloud Engineer 1 Contents Introduction... 5 1.2 Document Purpose and Scope...5 Service Definition...
More informationBRANCH SRX SERIES AND J SERIES CHASSIS CLUSTERING
APPLICATION NOTE BRANCH SRX SERIES AND J SERIES CHASSIS CLUSTERING Configuring Chassis Clusters on Branch SRX Series Services Gateways and J Series Services Routers Copyright 2012, Juniper Networks, Inc.
More informationSD-WAN Deployment Guide (CVD)
SD-WAN Deployment Guide (CVD) All Cisco Meraki security appliances are equipped with SD-WAN capabilities that enable administrators to maximize network resiliency and bandwidth efficiency. This guide introduces
More informationJuniper Networks M Series and J Series Routers
PRODUCT CATEGORY BROCHURE Juniper Networks M Series and J Series Routers Juniper Networks Enterprise Routers New Levels of Security, Availability, Predictable Performance, and Operations Agility for Today
More information07/08/2016. Sami TABBANE. I. Introduction II. Evolved Packet Core III. Core network Dimensioning IV. Summary
Core network and transmission dimensioning Sami TABBANE 1 CONTENTS I. Introduction II. Evolved Packet Core III. Core network Dimensioning IV. Summary 2 1 CONTENTS I. Introduction 3 Introduction LTE Commercialization
More informationNetwork Configuration Example
Network Configuration Example Configuring a Two-Tiered Virtualized Data Center for Large Enterprise Networks Release NCE 33 Modified: 2016-08-01 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California
More informationLTE Backhaul Considerations. June 25,
LTE Backhaul Considerations June 25, 2012 1 AGENDA LTE Requirements and Backhaul Considerations Backhaul Framework and Architecture How to Manage the Network Evolution 2 LTE Business model challenge imperatives:
More informationLeverage SDN Principles in LTE to Meet Future Network Demands
Leverage SDN Principles in LTE to Meet Future Network Demands PLATFORM FOR PROFITABLE GROWTH The Role of SDN in LTE Networks SDN refers to specific technologies considered promising for mobile network
More informationScalability Considerations
CHAPTER 3 This chapter presents the steps to selecting products for a VPN solution, starting with sizing the headend, and then choosing products that can be deployed for headend devices. This chapter concludes
More informationInterchassis Asymmetric Routing Support for Zone-Based Firewall and NAT
Interchassis Asymmetric Routing Support for Zone-Based Firewall and NAT The Interchassis Asymmetric Routing Support for Zone-Based Firewall and NAT feature supports the forwarding of packets from a standby
More informationCisco 5921 Embedded Services Router
Data Sheet Cisco 5921 Embedded Services Router The Cisco 5921 Embedded Services Router (ESR) is a Cisco IOS software router. It is designed to operate on small, low-power, Linux-based platforms to extend
More informationLayer 2 Implementation
CHAPTER 3 In the Virtualized Multiservice Data Center (VMDC) 2.3 solution, the goal is to minimize the use of Spanning Tree Protocol (STP) convergence and loop detection by the use of Virtual Port Channel
More information3GPP TS V ( )
Technical Specification 3rd Generation Partnership Project; Technical Specification Group Radio Access Network; Evolved Universal Terrestrial Radio Access Network (E-UTRAN); General aspects and principles
More informationHigh Availability and Redundant Operation
This chapter describes the high availability and redundancy features of the Cisco ASR 9000 Series Routers. Features Overview, page 1 High Availability Router Operations, page 1 Power Supply Redundancy,
More informationRTO/RPO numbers for different resiliency scenarios
RTO/RPO numbers for different resiliency scenarios Agenda Design changes to support Voice high availability User Services Component (Presence & Conferencing) Registrar Component Registration & Routing
More informationNEC Virtualized Evolved Packet Core vepc
TE-524262 NEC Virtualized Evolved Packet Core vepc Design Concepts and Benefits INDEX Leading the transformation into Mobile Packet Core Virtualization P.3 vepc System Architecture Overview P.4 Elastic
More informationOverview of the Juniper Mobile Cloud Architecture Laying the Foundation for a Next-gen Secure Distributed Telco Cloud. Mobile World Congress 2017
Overview of the Juniper Mobile Cloud Laying the Foundation for a Next-gen Secure Telco Cloud Mobile World Congress 2017 Summary Mobile Challenges and Trends through 2020 Business Drivers Enable new revenue
More informationSRX Chassis Cluster Upgrade with Minimal Downtime (v0.7)
SRX Chassis Cluster Upgrade with Minimal Downtime (v0.7) Assume that node0 is the primary for control plane (RG0) and data plane (RG1+) and configured with high priority than the secondary node. On the
More informationJunos OS Release 12.1X47 Feature Guide
Junos OS Release 12.1X47 Feature Guide Junos OS Release 12.1X47-D15 19 November 2014 Revision 1 This feature guide accompanies Junos OS Release 12.1X47-D15. This guide contains detailed information about
More informationINTRODUCTION TO LTE. ECE MOBILE COMMUNICATION Monday, 25 June 2018
INTRODUCTION TO LTE ECE 2526 - MOBILE COMMUNICATION Monday, 25 June 2018 1 WHAT IS LTE? 1. LTE stands for Long Term Evolution and it was started as a project in 2004 by the Third Generation Partnership
More informationSecurity Everywhere within the Juniper Networks Mobile Cloud Architecture. White Paper
Security Everywhere within the Juniper Networks Mobile Cloud Architecture White Paper October 2017 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net
More informationUser Role Firewall Policy
User Role Firewall Policy An SRX Series device can act as an Infranet Enforcer in a UAC network where it acts as a Layer 3 enforcement point, controlling access by using IP-based policies pushed down from
More informationConfiguring Stateful Interchassis Redundancy
The Stateful Interchassis Redundancy feature enables you to configure pairs of devices to act as backups for each other. This module describes conceptual information about and tasks for configuring stateful
More informationElastiNET FOR MOBILE BACKHAUL
ElastiNET FOR MOBILE BACKHAUL OPTIMIZED MOBILE BACKHAUL TO SUPPORT 5G SERVICES ON 4G INFRASTRUCTURE The demand for mobile data is spiraling as consumers expect services, such as streamed mobile video,
More informationIT Certification Exams Provider! Weofferfreeupdateserviceforoneyear! h ps://www.certqueen.com
IT Certification Exams Provider! Weofferfreeupdateserviceforoneyear! h ps://www.certqueen.com Exam : 4A0-M02 Title : Alcatel-Lucent Mobile Gateways for the LTE Evolved Packet Core Version : Demo 1 / 7
More informationIntroduction of ASTRI s Network Functions Virtualization (NFV) Technologies. ASTRI Proprietary
Introduction of ASTRI s Network Functions Virtualization (NFV) Technologies ASTRI LTE NFV Technology Demo on Intel ONP Virtual Network Functions Provides LTE Core Network Functions (VNF) SGW MME PGW LTE
More informationCisco Passguide Exam Questions & Answers
Cisco Passguide 642-648 Exam Questions & Answers Number: 642-648 Passing Score: 800 Time Limit: 120 min File Version: 61.8 http://www.gratisexam.com/ Cisco 642-648 Exam Questions & Answers Exam Name: Deploying
More informationCisco ASR 9000 Series High Availability: Continuous Network Operations
Cisco ASR 9000 Series High Availability: Continuous Network Operations The Challenge of Delivering Continuous Network Operations End users require the network to be up at all times with little to no service
More informationFlexVPN HA Dual Hub Configuration Example
FlexVPN HA Dual Hub Configuration Example Document ID: 118888 Contributed by Piotr Kupisiewicz, Wen Zhang, and Frederic Detienne, Cisco TAC Engineers. Apr 08, 2015 Contents Introduction Prerequisites Requirements
More informationVirtual Tunnel Interface
This chapter describes how to configure a VTI tunnel. About s, on page 1 Guidelines for s, on page 1 Create a VTI Tunnel, on page 2 About s The ASA supports a logical interface called (VTI). As an alternative
More informationSOLUTION BRIEF Enterprise WAN Agility, Simplicity and Performance with Software-Defined WAN
S O L U T I O N O V E R V I E W SOLUTION BRIEF Enterprise WAN Agility, Simplicity and Performance with Software-Defined WAN Today s branch office users are consuming more wide area network (WAN) bandwidth
More informationVirtual Evolved Packet Core (VEPC) Placement in the Metro Core- Backhual-Aggregation Ring BY ABHISHEK GUPTA FRIDAY GROUP MEETING OCTOBER 20, 2017
Virtual Evolved Packet Core (VEPC) Placement in the Metro Core- Backhual-Aggregation Ring BY ABHISHEK GUPTA FRIDAY GROUP MEETING OCTOBER 20, 2017 LTE: All-IP, simplified network architecture [1] Introduction
More informationSECURING ULTRA-BROADBAND MOBILE ACCESS Deploying the Alcatel-Lucent Security
SECURING ULTRA-BROADBAND MOBILE ACCESS Deploying the Alcatel-Lucent Security Gateway to address the challenges of a flatter IP network architecture Application Note Abstract Traffic volumes are increasing
More informationJunos Security. Chapter 11: High Availability Clustering Implementation
Junos Security Chapter 11: High Availability Clustering Implementation 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net Worldwide Education Services Chapter Objectives After successfully
More informationMulti-RAT Heterogeneous Networks. Presenter: S. Vasudevan, Technical Manager, Advanced Technology Standards
Multi-RAT Heterogeneous Networks Presenter: S. Vasudevan, Technical Manager, Advanced Technology Standards What are Multi-RAT Heterogeneous Networks Integrated Networks supporting a range of cell sizes
More informationE. The enodeb performs the compression and encryption of the user data stream.
Volume: 140 Questions Question No: 1 Which of the following statements is FALSE regarding the enodeb? A. The enodebs maybe interconnect TEID with each other via anx2 interface. B. The enodeb is an element
More informationCisco Virtualized Workload Mobility Introduction
CHAPTER 1 The ability to move workloads between physical locations within the virtualized Data Center (one or more physical Data Centers used to share IT assets and resources) has been a goal of progressive
More informationTHE EXPONENTIAL DATA CENTER
THE EXPONENTIAL DATA CENTER THE TYRANNY OF TREES Typical tree configuration Location matters in a tree architecture Bubbles Optimal performance VM One Hop 2 Copyright 2010 Juniper Networks, Inc. www.juniper.net
More informationWhere is the Network Edge? MEC Deployment Options, Business Case & SDN Considerations
Where is the Network Edge? MEC Deployment Options, Business Case & SDN Considerations Ian Goetz, Chief Architect, Vodafone Global Account, Juniper Networks August, 2016 Market Trends & The Network Environment
More informationPolitecnico di Torino Network architecture and management. Outline 11/01/2016. Marcello Maggiora, Antonio Lantieri, Marco Ricca
Politecnico di Torino Network architecture and management Marcello Maggiora, Antonio Lantieri, Marco Ricca Outline Politecnico di Torino network: Overview Building blocks: Edge, Core, Distribution, Access
More informationNumerics I N D E X. 3DES (Triple Data Encryption Standard), 48
I N D E X Numerics A 3DES (Triple Data Encryption Standard), 48 Access Rights screen (VPN 3000 Series Concentrator), administration, 316 322 Action options, applying to filter rules, 273 adding filter
More informationCustomer IPv6 Delivery
Customer IPv6 Delivery The Nextgen Experience Chris Chaundy, Nextgen Networks October 2011 Agenda Nextgen Network s strategy Just get a prefix and turn it on!?!? Scope of the project Hardware considerations
More informationPerformance Testing for Multicast Services Using TeraVM Application Note. The most important thing we build is trust
TeraVM Performance Testing for Multicast Services Using TeraVM Application Note The most important thing we build is trust Performance Testing for Multicast Services Unlike point-to-point network applications,
More informationTable of Contents 1 IKE 1-1
Table of Contents 1 IKE 1-1 IKE Overview 1-1 Security Mechanism of IKE 1-1 Operation of IKE 1-1 Functions of IKE in IPsec 1-2 Relationship Between IKE and IPsec 1-3 Protocols 1-3 Configuring IKE 1-3 Configuration
More informationTHETARAY ANOMALY DETECTION
NEPTUNE 0100110001101111011100100110010101101101001000000110100101110 0000111001101110101011011010010000001100100011011110110110001 1011110111001000100000011100110110100101110100001000000110000 1011011010110010101110100001011000010000001100011011011110110
More informationCAMPUS AND BRANCH RECAP. Ralph Wanders Consulting Systems Engineer
CAMPUS AND BRANCH RECAP Ralph Wanders Consulting Systems Engineer THE NEW CAMPUS & BRANCH ARCHITECTURE IS SIMPLY CONNECTED.. BYOD, Explosion of Apps Coordinated Security Simply Connected Performance at
More information*Performance and capacities are measured under ideal testing conditions using PAN-OS.0. Additionally, for VM
PA-820 PA-500 Feature Performance *Performance and capacities are measured under ideal testing conditions using PAN-OS.0. Additionally, for VM models please refer to hypervisor, cloud specific data sheet
More informationJuniper SD-WAN Alexandre Cezar Consulting Systems Engineer, Security/Cloud
Juniper SD-WAN Alexandre Cezar Consulting Systems Engineer, Security/Cloud acezar@juniper.net MARKET DYNAMICS Branch/WAN Evolution: PMO FMO Bring Agility and Enhanced Customer Experience Utilizing Cloud
More informationMobile Network Security
A key component of Ericsson s Evolved IP Network solution Technology paper This document outlines the need for effective network security in response to increasing perceived threats, recent publicized
Configuring High Availability (HA)
4 CHAPTER This chapter covers the following topics: Adding High Availability Cisco NAC Appliance To Your Network, page 4-1 Installing a Clean Access Manager High Availability Pair, page 4-3 Installing
Fujitsu Femtocell Solutions Supporting ideal in-building communications environments. shaping tomorrow with you
Supporting ideal in-building communications environments shaping tomorrow with you Increase Coverage and Capacity with a Superior End-user Experience The Fujitsu in-building solution enhances residential
Unit 5 - IPv4/ IPv6 Transition Mechanism(8hr) BCT IV/ II Elective - Networking with IPv6
5.1 Tunneling 5.1.1 Automatic Tunneling 5.1.2 Configured Tunneling 5.2 Dual Stack 5.3 Translation 5.4 Migration Strategies for Telcos and ISPs Introduction - Transition - the process or a period of changing
WiNG 5.x How-To Guide
WiNG 5.x How-To Guide Tunneling Remote Traffic using L2TPv3 Part No. TME-08-2012-01 Rev. A MOTOROLA, MOTO, MOTOROLA SOLUTIONS and the Stylized M Logo are trademarks or registered trademarks of Motorola
Enterprise SD-WAN Financial Profile (Hybrid WAN, Segmentation, Quality of Service, Centralized Policies)
CVP CVP Enterprise SD-WAN Financial Profile (Hybrid WAN, Segmentation, Quality of Service, Centralized Policies) 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Failover for High Availability
This chapter describes how to configure Active/Standby or Active/Active failover to accomplish high availability of the Cisco ASA. About Failover, page 1 Licensing for Failover, page 25 Guidelines for
QUICKSTART GUIDE FOR BRANCH SRX SERIES SERVICES GATEWAYS
APPLICATION NOTE QUICKSTART GUIDE FOR BRANCH SRX SERIES SERVICES GATEWAYS Configuring Basic Security and Connectivity on Branch SRX Series Services Gateways Copyright 2009, Juniper Networks, Inc. Table
5G NSA for MME. Feature Summary and Revision History
Feature Summary and Revision History, on page 1 Feature Description, on page 2 How It Works, on page 5 Configuring, on page 10 Monitoring and Troubleshooting, on page 13 Feature Summary and Revision History
Max sessions (IPv4 or IPv6) 500, , ,000
PA-3060 PA-3050 PA-3020 Feature Performance App-ID firewall throughput 4 Gbps 4 Gbps 2 Gbps Threat prevention throughput 2 Gbps 2 Gbps 1 Gbps IPSec VPN throughput 500 Mbps 500 Mbps 500 Mbps Connections
Cisco ASR 5000 Series Small Cell Gateway
Data Sheet Cisco ASR 5000 Series Small Cell Gateway Mobile subscribers want access to the network at home, work, hotspots, and everywhere in between. This requires mobile operators to expand their service
*Performance and capacities are measured under ideal testing conditions using PAN-OS 8.0. Additionally, for VM
VM-300 VM-200 VM-100 Feature Performance *Performance and capacities are measured under ideal testing conditions using PAN-OS 8.0. Additionally, for VM models please refer to hypervisor, cloud specific
GRE and DM VPNs. Understanding the GRE Modes Page CHAPTER
CHAPTER 23 You can configure Generic Routing Encapsulation (GRE) and Dynamic Multipoint (DM) VPNs that include GRE mode configurations. You can configure IPsec GRE VPNs for hub-and-spoke, point-to-point,
ETSI TS V ( )
Technical Specification LTE; Evolved Universal Terrestrial Radio Access Network (E-UTRAN); General aspects and principles for interfaces supporting Multimedia Broadcast Multicast Service (MBMS) within
Hillstone IPSec VPN Solution
1. Introduction With the explosion of Internet, more and more companies move their network infrastructure from private lease line to internet. Internet provides a significant cost advantage over private
A-B I N D E X. backbone networks, fault tolerance, 174
I N D E X A-B access links fault tolerance, 175 176 multiple IKE identities, 176 182 single IKE identity with MLPPP, 188 189 with single IKE identity, 183 187 active/standby stateful failover model, 213
Ingate Firewall & SIParator Product Training. SIP Trunking Focused
Ingate Firewall & SIParator Product Training SIP Trunking Focused Common SIP Applications SIP Trunking Remote Desktop Ingate Product Training Common SIP Applications SIP Trunking A SIP Trunk is a concurrent
HP A-F1000-A-EI_A-F1000-S-EI VPN Firewalls
HP A-F1000-A-EI_A-F1000-S-EI VPN Firewalls VPN Configuration Guide Part number:5998-2652 Document version: 6PW100-20110909 Legal and notice information Copyright 2011 Hewlett-Packard Development Company,
Enterprise. Nexus 1000V. L2/L3 Fabric WAN/PE. Customer VRF. MPLS Backbone. Service Provider Data Center-1 Customer VRF WAN/PE OTV OTV.
2 CHAPTER Cisco's Disaster Recovery as a Service (DRaaS) architecture supports virtual data centers that consist of a collection of geographically-dispersed data center locations. Since data centers are
Implementing AutoVPN Network Design Using the SRX Series with ibgp as the Dynamic Routing Protocol
APPLICATION NOTE Introduction to AutoVPN Implementing AutoVPN Network Design Using the SRX Series with ibgp as the Dynamic Routing Protocol Copyright 2013, Juniper Networks, Inc. 1 Table of Contents Introduction...3
GTP-based S2b Interface Support on the P-GW and SAEGW
GTP-based S2b Interface Support on the P-GW and SAEGW This chapter describes the GTP-based S2b interface support feature on the standalone P-GW and the SAEGW. Feature, page 1 How the S2b Architecture Works,
Introduction to Cisco ASR 9000 Series Network Virtualization Technology
White Paper Introduction to Cisco ASR 9000 Series Network Virtualization Technology What You Will Learn Service providers worldwide face high customer expectations along with growing demand for network
Over-The-Top (OTT) Aggregation Solutions
Over-The-Top (OTT) Aggregation Solutions Omkar Dharmadhikari, Wireless Architect odharmadhikari@cablelabscom CableLabs February 12, 2019 Agenda Introduction Why aggregation is important? Traditional Aggregation
Evolved Backhaul and Transport Critical for Service Innovation and Data Profitability. Director, Backhaul Solutions Juniper Networks
Evolved Backhaul and Transport Critical for Service Innovation and Data Profitability Ananth Nagarajan Ananth Nagarajan Director, Backhaul Solutions Juniper Networks SMARTPHONE + VIDEO: CREATING A REVOLUTION
Question No : 1 Which three options are basic design principles of the Cisco Nexus 7000 Series for data center virtualization? (Choose three.
Volume: 162 Questions Question No : 1 Which three options are basic design principles of the Cisco Nexus 7000 Series for data center virtualization? (Choose three.) A. easy management B. infrastructure
Simulation of LTE Signaling
Simulation of LTE Signaling 1 Florin SANDU, 2 Szilárd CSEREY, 3 Eugen MILE-CIOBANU 1 "Transilvania University of Brasov Bd Eroilor nr. 29A RO-500036 Brasov sandu@unitbv.ro, 2,3 SIEMENS Program and System