Avaya 1001S, 1001, 1002, 1004, 3210 Application And Qualification Manual
Avaya Secure Router
1001S/1001/1002/1004/3210
Application and Qualification Guide
Avaya Secure Router 100x and 3120
Technical Solution Guide
Avaya Data Solutions
Document Date: October_2010
Document Number: NN48500-528
Document Version: 02.01
1
October_2010
avaya.com
© 2010 Avaya Inc.
All Rights Reserved.
Notices
While reasonable efforts have been made to ensure that the information in this document is complete and accurate at the time of printing,
Avaya assumes no liability for any errors. Avaya reserves the right to make changes and corrections to the information in this document
without the obligation to notify any person or organization of such changes.
Documentation disclaimer
Avaya shall not be responsible for any modifications, additions, or deletions to the original published version of this documentation unless
such modifications, additions, or deletions were performed by Avaya. End User agree to indemnify and hold harmless Avaya, Avaya’s
agents, servants and employees against all claims, lawsuits, demands and judgments arising out of, or in connection with, subsequent
modifications, additions or deletions to this documentation, to the extent made by End User.
Link disclaimer
Avaya is not responsible for the contents or reliability of any linked Web sites referenced within this site or documentation(s) provided by
Avaya. Avaya is not responsible for the accuracy of any information, statement or content provided on these sites and does not necessarily
endorse the products, services, or information described or offered within them. Avaya does not guarantee that these links will work all the
time and has no control over the availability of the linked pages.
Warranty
Avaya provides a limited warranty on this product. Refer to your sales agreement to establish the terms of the limited warranty. In addition,
Avaya’s standard warranty language, as well as information regarding support for this product, while under warranty, is available to Avaya
customers and other parties through the Avaya Support Web site: http://www.avaya.com/support
Please note that if you acquired the product from an authorized reseller, the warranty is provided to you by said reseller and not by Avaya.
Licenses
THE SOFTWARE LICENSE TERMS AVAILABLE ON THE AVAYA WEBSITE, HTTP://SUPPORT.AVAYA.COM/LICENSEINFO/ ARE
APPLICABLE TO ANYONE WHO DOWNLOADS, USES AND/OR INSTALLS AVAYA SOFTWARE, PURCHASED FROM AVAYA INC.,
ANY AVAYA AFFILIATE, OR AN AUTHORIZED AVAYA RESELLER (AS APPLICABLE) UNDER A COMMERCIAL AGREEMENT WITH
AVAYA OR AN AUTHORIZED AVAYA RESELLER. UNLESS OTHERWISE AGREED TO BY AVAYA IN WRITING, AVAYA DOES NOT
EXTEND THIS LICENSE IF THE SOFTWARE WAS OBTAINED FROM ANYONE OTHER THAN AVAYA, AN AVAYA AFFILIATE OR AN
AVAYA AUTHORIZED RESELLER, AND AVAYA RESERVES THE RIGHT TO TAKE LEGAL ACTION AGAINST YOU AND ANYONE ELSE
USING OR SELLING THE SOFTWARE WITHOUT A LICENSE. BY INSTALLING, DOWNLOADING OR USING THE SOFTWARE, OR
AUTHORIZING OTHERS TO DO SO, YOU, ON BEHALF OF YOURSELF AND THE ENTITY FOR WHOM YOU ARE INSTALLING,
DOWNLOADING OR USING THE SOFTWARE (HEREINAFTER REFERRED TO INTERCHANGEABLY AS "YOU" AND "END USER"),
AGREE TO THESE TERMS AND CONDITIONS AND CREATE A BINDING CONTRACT BETWEEN YOU AND AVAYA INC. OR THE
APPLICABLE AVAYA AFFILIATE ("AVAYA").
Copyright
Except where expressly stated otherwise, no use should be made of the Documentation(s) and Product(s) provided by Avaya. All content in
this documentation(s) and the product(s) provided by Avaya including the selection, arrangement and design of the content is owned either
by Avaya or its licensors and is protected by copyright and other intellectual property laws including the sui generis rights relating to the
protection of databases. You may not modify, copy, reproduce, republish, upload, post, transmit or distribute in any way any content, in
whole or in part, including any code and software. Unauthorized reproduction, transmission, dissemination, storage, and or use without the
express written consent of Avaya can be a criminal, as well as a civil offense under the applicable law.
Third Party Components
Certain software programs or portions thereof included in the Product may contain software distributed under third party agreements ("Third
Party Components"), which may contain terms that expand or limit rights to use certain portions of the Product ("Third Party Terms").
Information regarding distributed Linux OS source code (for those Products that have distributed the Linux OS source code), and identifying
the copyright holders of the Third Party Components and the Third Party Terms that apply to them is available on the Avaya Support Web
site: http://support.avaya.com/Copyright.
Trademarks
The trademarks, logos and service marks ("Marks") displayed in this site, the documentation(s) and product(s) provided by Avaya are the
registered or unregistered Marks of Avaya, its affiliates, or other third parties. Users are not permitted to use such Marks without prior written
consent from Avaya or such third party which may own the Mark. Nothing contained in this site, the documentation(s) and product(s) should
be construed as granting, by implication, estoppel, or otherwise, any license or right in and to the Marks without the express written
permission of Avaya or the applicable third party. Avaya is a registered trademark of Avaya Inc. All non-Avaya trademarks are the property of
their respective owners.
Downloading documents
For the most current versions of documentation, see the Avaya Support. Web site: http://www.avaya.com/support.
Contact Avaya Support
Avaya provides a telephone number for you to use to report problems or to ask questions about your product. The support telephone number
is 1-800-242-2121 in the United States. For additional support telephone numbers, see the Avaya Web site: http://www.avaya.com/support.
Secure Router 100x and 3120 Technical Solution Guide
Application and Qualification Guide
2
October_2010
avaya.com
Abstract
This guide should serve as an application qualification guide for the Avaya Secure Router 1001S, 1001,
1002, 1004 and 3120 running NT2.0 software. It includes a brief overview of the products as well as
clearly identified applications. In addition there is a section that can be used to quickly determine if the
current product offering meets customers requirements based on a number of simple questions. In any
case it is critical that the project assessment be completed in full as this will serve to identify future
product opportunities and areas of focus. If you require assistance please contact your regional sales or
engineering resource for support.
Secure Router 100x and 3120 Technical Solution Guide
Application and Qualification Guide
3
October_2010
avaya.com
Table of Contents
1. Introduction........................................................................................................................................ 4
1.1 Differentiators ................................................................................................................................ 4
1.2 Portfolio Overview ......................................................................................................................... 5
2. Project Assessment .......................................................................................................................... 7
3. Does Avaya Secure Router 100X/3120 Meet the Requirements? ................................................. 8
4. Applications ..................................................................................................................................... 10
4.1 Maximizing WAN Investment ...................................................................................................... 10
4.2 Multimedia QoS ........................................................................................................................... 12
4.3 Internet Gateway ......................................................................................................................... 14
4.4 Business Continuity ..................................................................................................................... 16
4.5 Multicast ...................................................................................................................................... 18
4.6 Virtual Private Networking ........................................................................................................... 19
4.7 Security ....................................................................................................................................... 21
4.8 Virtual Ethernet............................................................................................................................ 23
4.9 RFC2547 CE ............................................................................................................................... 25
4.10 Multi-Hospitality Unit Services ..................................................................................................... 27
4.11 WAN Aggregation ....................................................................................................................... 29
5. Appendix A: Application Layer Gateway Support ....................................................................... 31
6. Appendix B: Denial of Service Prevention Support .................................................................... 32
7. Appendix C: Competitive Analysis ................................................................................................ 33
8. Appendix D: Tolly Results .............................................................................................................. 37
9. Appendix E: Avaya Secure Router in a Nutshell ......................................................................... 38
10. Appendix F: FAQ ............................................................................................................................. 40
11. Customer service ............................................................................................................................ 42
11.1 Getting technical documentation ................................................................................................. 42
11.2 Getting product training ............................................................................................................... 42
11.3 Getting help from a distributor or reseller .................................................................................... 42
11.4 Getting technical support from the Avaya Web site .................................................................... 42
Secure Router 100x and 3120 Technical Solution Guide
Application and Qualification Guide
4
October_2010
avaya.com
1. Introduction
The Avaya Secure Router portfolio is a high-performance portfolio of enterprise routers that provide
Avaya with leadership in delivering multiple services with superior throughput, QoS and security. Avaya
Secure Routers combine robust IP routing, flexible WAN connectivity and security in a single costeffective device. Ideal for enterprise branch, remote or regional site environments, Secure Routers are
optimized to deliver the low-latency, high packet throughput required by IP telephony and multimedia
applications.
1.1 Differentiators
The SR portfolio provides the following competitive differentiators for Avaya:
1) The portfolio strengthens Avaya’s position as one of the few companies in the industry delivering
end-to-end converged IP telephony and multimedia networks for real-time communications.
Avaya Secure Routers demonstrate our commitment to enterprise customers by providing them
with an entire converged multimedia networking infrastructure.
2) Avaya Secure Routers excel at the low-latency, small packet throughput required by highdemand applications, like VoIP, and are able to deliver consistent wire-speed throughput even
with advanced services enabled. Secure Router performance under load has been
independently verified by Tolly to provide between two and seven times the performance of
competing routers:
“The 3120 CSR delivers more than double the throughput of the Cisco 3825 and as much
as four times greater throughput than the Cisco 2821 when tested over a point-to-point
DS3 connection. The 3120 CSR outperforms Cisco 2821 routers, delivering more than
4X the throughput when tested across a group of eight point-to-point T1 connections.”
3) The Secure Router portfolio provides leading edge QoS capabilities with hierarchical scheduling
using an unlimited number of class definitions across 8 priority levels. This allows the SR to meet
stringent SLA requirements and provide comprehensive service differentiation across the WAN.
4) Multiple levels of reliability are provided with the platforms including dual power supplies for the
3120, Multilink PPP, Multilink Frame Relay (both FRF.15 and FRF.16), VRRP (3 modes), and a
backup dial interface on the SR 1001, all without the use of a hard drive.
5) The SR portfolio provides leading edge performance in an extremely cost effective package
delivering typical cost savings of 30-40% over leading competitive products.
6) The SR portfolio supports IPSec based VPNs as well as full network address translation and
stateful firewall services. In addition it supports DoS prevention for over 60 well known attacks as
well as over 30 application layer gateways for seamless security operation.
Secure Router 100x and 3120 Technical Solution Guide
Application and Qualification Guide
5
October_2010
avaya.com
1.2 Portfolio Overview
The Secure Router 1000 & 3120 series are part of Avaya’s Secure Router product family.
Secure Router 1000 Series, which deliver fast, secure, reliable and scalable wide area network (WAN)
T1/E1 access for enterprises. These powerful platforms provide consistent high-speed throughput with no
degradation in performance - even with advanced services enabled. Ideal for installation in enterprise
remote sites and branch offices, the Secure Router 1000 Series combines high performance and a robust
feature set, making them an extraordinary value. The Secure Router 1000 series includes the following
models:
Secure Router 1001S – provides 1 serial WAN port and options for back-up ISDN
Secure Router 1001 – provides 1 T1/E WAN port and options for back-up ISDN
Secure Router 1002 – provides up to 2 T1/E1 WAN ports
Secure Router 1004 – provides up to 4 T1/E1 WAN ports
The Secure Router 3120 is a powerful modular system that converges routing, security and multimedia
traffic forwarding in a single cost-effective platform. Delivering fast, secure, reliable and scalable wide
area network (WAN) access, the Secure Router 3120 is perfect for enterprises requiring high-speed IP or
Internet access. Combining high performance, robust routing and flexible WAN connectivity, the Secure
Router 3120 is targeted at larger branch and regional enterprise environments. The Secure Router 3120
provides two slots for the following option cards:
4-port T1/E1 module card
8-port T1/E1 module card
2-port Serial Interface module card
4-port Serial Interface module card
1-port DS3 Clear Channel T3 module card
In addition to providing multiple levels of reliability these platforms offer extensive hierarchical QoS,
stateful firewalling, address translation, BGP routing, VPN with a variety of WAN interface options
including T1/E1, V.35 and DS3. In addition all models provide 2 ports of 10/100 Ethernet.
The following list highlights some of the basic functionality. For more information please see the online
product documentation
Physical
T1
Fractional T1
E1
Fractional E1 (G.703)
ISDN BRI (SR 1001 only)
V.35
X.21 (Introduced in NT2.0)
DS0
Ethernet
DS3 Clear Channel T3 (SR3120 only)
Layer 2
Frame Relay including MFR (i.e. FRF.15 and FRF.16)
PPP including MLPPP
HDLC
Secure Router 100x and 3120 Technical Solution Guide
Application and Qualification Guide
6
October_2010
avaya.com
802.1p
802.1Q
QinQ
Ethernet
Virtual Ethernet VPN
Layer 3
RIP
OSPF
VRRP
BGP4
PIM-SM
PIM-SSM
IGMPv1
IGMPv2
IGMPv3
DHCP
RADIUS
ECMP
Services
Stateful Firewall
NAT
Access Control Lists
Class Based Queuing (Ethernet interface support introduced in NT2.0)
Policing
ALGs (over 30)
IPSec
GRE
IP-IP
All SR platforms provide wirespeed WAN throughput with firewall and QoS enabled as follows:
SR 1001S 1xserial
SR 1001 1xT1/E1
SR 1002 2xT1/E1
SR 1004 4xT1/E1
SR 3120 2xDS3
In addition models shipping with 256MB of memory (i.e. SR 1002, SR 1004 and SR 3120) support
550,000 BGP routes with 150,000 total active routes.
Secure Router 100x and 3120 Technical Solution Guide
Application and Qualification Guide
7
October_2010
avaya.com
Project name
Customer name
Number of sites
Bandwidth per site
WAN interface type
LAN interface type
Services
Yes
No
Firewall
NAT
QoS
VPN
Redundancy
2. Project Assessment
The following should be filled out completely for every product assessment. This data will serve to
identify future directions and market placement for the Avaya Secure Router family.
Secure Router 100x and 3120 Technical Solution Guide
Application and Qualification Guide
8
October_2010
avaya.com
3. Does Avaya Secure Router 100X/3120 Meet the Requirements?
The following list of questions can be used to quickly determine if the current SR portfolio product offering
meets customer’s requirements which could prevent it from being an immediate fit for shorter term
opportunities. Note that some of these gaps have workarounds or will be addressed in future releases.
1) Do you require GE interface support?
SR 1000 and 3000 support only 10/100. These ports can be used as either WAN or LAN interfaces.
Class Based Queuing is also supported as of NT2.0.
2) Do you require X.21 interfaces?
X.21 support on both SR 1000 and 3000 was introduced with NT2.0. In addition ISDN BRI, V.35, T1/E1,
DS3 and Ethernet interfaces are supported on applicable models. Layer 2 support includes PPP, HDLC,
FR, VLAN, QinQ and native Ethernet.
3) Do you require IPv6?
Although this is on the roadmap it is highly unlikely it will be supported anytime prior to 2008. SR4134
introduced in 2H07 supports IPv6. This software stream will eventually merge with SR 1000 and 3000
(2008).
4) Do you require BGP Route Reflection?
The SR portfolio supports a full featured BGP implementation however RR is currently not supported.
Generally given the position of the 1000 and 3000 at the boundary of a customer environment it is very
unlikely that this would be required.
5) Do you require a DSL interface?
The SR 1000 and 3000 do not support a DSL interface natively. They do however support a PPPoE
client and can be paired with either a DSL or Cable modem for specific applications.
6) Do you require CBQ on Ethernet interfaces (i.e. Ethernet WAN application)?
CBQ on both SR 1000 and 3000 was introduced with NT2.0. The SR 1000 and 3000 have only 2
Ethernet ports. While these ports can serve as WAN connections they will not operate at wirespeed.
7) Do you require 100Mbps throughput with full firewalling and QoS?
The SR 1000 and 3000 support wire speed WAN only meaning that LAN to LAN or LAN to WAN Ethernet
will not necessarily sustain wirespeed with all services enabled.
8) Do you require support for the full Internet routing table?
Secure Router 100x and 3120 Technical Solution Guide
Application and Qualification Guide
9
October_2010
avaya.com
The SR 1000 and 3000 support 550K BGP routes with 150K active system routes. The current Internet
routing table is around 180K and must be filtered using an inbound policy to reduce the number of
imported routes into the active routing table.
9) Do you require SSL termination?
The SR 1000 and 3000 do not support SSL termination. They do support IPSec termination for remote
access and branch to branch tunnels.
10) Do you require Local Language Manuals?
SR documentation is currently available only in English.
11) Do you require SNMPv3 for management?
The SR 1000 and 3000 do not currently support SNMPv3 and are unlikely to do so prior to 2H2007.
12) Do you require ATM interfaces?
The SR 1000 and 3000 do not currently support ATM and are unlikely to do so prior to 2H2007.
13) Do you require native voice to H.323 or SIP gateway functionality?
The SR 1000 and 3000 do not support native voice to SIP/H.323 gateways however they do support a
comprehensive set of QoS features as well as Application Layer Gateways for 30+ common protocols
including SIP and H.323.
Secure Router 100x and 3120 Technical Solution Guide
Application and Qualification Guide
10
October_2010
avaya.com
4. Applications
The following sections identify several key applications in which the Avaya Secure Router excels. Keep
in mind that these applications are technology focused. An additional benefit of the SR products is their
low cost relative to leading competitors.
4.1 Maximizing WAN Investment
What:
Line rate WAN throughput with full services applied and support for multilink PPP and FR.
Who:
Customer’s looking to maximize their investment in WAN T1/E1 and DS0 interfaces.
Why:
SR provides a cost effective alternative that allows Enterprises to capitalize on their WAN investment
without having to migrate to new WAN technologies by supporting wirespeed throughput and bonding of
multiple WAN interfaces.
When:
Available today
Where:
Predominantly NA focused interfaces. SR does not support ATM, DSL or GE. It does however support a
PPPoE client which can be used with an external DSL or Cable modem.
How:
SR 100X and SR 3120 both provide full line rate performance across all WAN interfaces with full
firewalling and QoS applied. Although there is additional horsepower that may allow bursting to full
Ethernet speeds and beyond, the box is designed to be deployed using specified WAN interface. As
such wirespeed only applies to WAN interfaces. In general when planning the box should be engineered
as follows:
SR 1001S Max bandwidth 1xserial (i.e. 6Mbps)
SR 1001 Max bandwidth T1/E1
SR 1002 Max bandwidth 2xT1/E1
SR 1004 Max bandwidth 4xT1/E1
SR 3120 Max bandwidth 2xDS3
Secure Router 100x and 3120 Technical Solution Guide
Application and Qualification Guide
11
October_2010
avaya.com
These bandwidths are bidirectional and are with firewalling and QoS enabled.
SR also supports multilinking of multiple PPP encapsulated WAN interfaces as well as FRF.15 and
FRF.16 for multilink frame relay. These solutions enable incremental and cost-effective growth of WAN
connectivity.
Notes:
Ethernet interfaces are not considered WAN interfaces and although they may also achieve line rate
performance under specific conditions this throughput is not guaranteed. Further, policing and class
based queuing can be applied as well as all other features in the box.
Secure Router 100x and 3120 Technical Solution Guide
Application and Qualification Guide
12
October_2010
avaya.com
4.2 Multimedia QoS
What:
Comprehensive QoS for multimedia applications including low latency and line rate performance enables
advanced QoS for services like voice and video.
Who:
Customers looking to differentiate traffic and applications, specifically voice and multimedia.
Why:
SR hierarchical QoS enables Enterprises to manage traffic and applications across the WAN with
significantly more control than typical edge routers.
When:
Available today
Where:
Worldwide. Hierarchical QoS is available on all ports with the exception of no CBQ on Ethernet
interfaces.
How:
The secure router provides an effective mechanism for sharing and prioritizing applications over WAN
interfaces by implementing Random Early Detection (RED) to address congestion and Class Based
Queuing (CBQ) to address traffic policing.
SR 100X and SR 3120 both provide hierarchical classification with an unlimited number of classes. A
class is defined by a class name, an associated parent class, and a committed and burst bandwidth. The
committed bandwidth specifies the guaranteed bandwidth for that class while the burst bandwidth
specifies the amount of bandwidth that can be borrowed when available. Packets are identified as
belonging to a specific class using the criteria below:
Application level
Application ports (TCP or UDP)
Network level
Source or destination IP addresses, address ranges, or subnets
Ethernet MAC level
VLAN identifiers
Secure Router 100x and 3120 Technical Solution Guide
Application and Qualification Guide
Loading...