The BANDIT Device in the Network




Encore Networks
Version A.1, March 2010
© 2013 Encore Networks, Inc. All rights reserved.
Product Overview Module, Document 1

The BANDIT II and the BANDIT III, ROHS-compliant routers in the family of BANDIT (Broadband Access Network Device for Intelligent Termination) products, provide a strong combination of security, diagnostics, and network management features for Virtual Private Network (VPN) applications and for support of legacy protocols over IP networks.

The BANDIT II is a streamlined desktop model; it complies with the European Union's directive on Reduction of Hazardous Substances (ROHS).

The BANDIT III is a full-featured tabletop model, built to withstand environments encountered in support of utility networks. It also complies with ROHS.

The BANDIT II and the BANDIT III can support legacy protocols, or VPN tunnels, or both. When a VPN requires tunnel termination between the central office and its remote user sites, the BANDIT II and the BANDIT III can each terminate up to 30 VPN tunnels at remote locations. Access to Encore Networks' extensive protocol library provides seamless connection to the Internet. And the BANDIT III's automatic dial backup feature guarantees reliable network performance.

Figure 1-1 illustrates how a BANDIT product can play an integral part in typical network applications.

[Figure 1-1. Typical VPN Network Application]

For information on trademarks, safety, limitations of liability, and similar topics, see Notices.

1.1 Features

The BANDIT products support VPNs and perform legacy-to-IP protocol encapsulation. The BANDIT products provide a rich array of features:

- Hardware-assisted VPN security options
- Auto-initiated dial backup
- Extensive statistics for network monitoring
- Remote datascope for port capture
- Generic management capability via comprehensive SNMP and intelligent traps that guarantee data delivery
- Remote software control of clock source (internal clocking or loop-timed clocking) from the network
- RS-232 interface support (DCE or DTE) on all serial ports
- Direct Ethernet connections via 10/100-Base-T RJ45 connectors
- One or two CDMA, GPRS GSM, or EDGE GSM wireless connections
- Data routing over IP (Encapsulates specific protocols within IP packets and routes the IP packets to destination IP addresses.)
- Data routing over Frame Relay (Encapsulates and routes specific protocols over DLCs according to protocol addresses.)
- On the dual T1/E1 expansion port module: Drop-and-insert capability for transmission of data packets and voice packets over a common T1 or E1 line
- Support of legacy protocols transported over IP or Frame Relay
- Dedicated local Supervisory port with menu-driven interface
- Remote configuration and management via Telnet or SNMP, accessed through any IP data stream into the unit
- Multiple levels of password protection
- Reception and transmission of ping in IP environments
- Maintenance of configuration in non-volatile memory, to recover from power outages
- Inclusion of Flash memory to allow easy upgrades
- Connection to -24/-48 V DC or -12/-24 V DC power source, or to external low-voltage power supply for adaptability to 100V AC to 240V AC power source, or to both

In addition, the BANDIT products allow you to connect virtually any data communications equipment to access Frame Relay network services. In this way, you can extend the useful life of installed applications and equipment that do not support direct connection to a Frame Relay network.

1.2 Functionality

The BANDIT products support IP, Frame Relay, PPP, and X.25. The BANDIT III also supports a V.90/V.92 modem. The BANDIT II and the BANDIT III can each support up to 30 VPN tunnels. In addition, the BANDIT II and BANDIT III support VPN clients for connection from remote, temporary sites.

The BANDIT II or BANDIT III can function as any of the following devices:

- Network access device (using its FRAD functionality)
- IP router
- IP firewall
- Terminal server
- Wired or wireless gateway
- VPN gateway

1.2.1 The Networking Environment

The BANDIT products can operate in a broad range of communications environments and can support a wide variety of applications, for example:

- Users with IBM equipment using the Synchronous Data Link Control (SDLC) protocol can enjoy the benefits of higher speed, greater reliability, and substantially reduced line costs inherent in most Frame Relay networks.
- Local Area Network (LAN) users can take advantage of built-in IP routing.
- Multiport units allow legacy applications such as SNA and asynchronous traffic to be carried along with LAN internetworking traffic through a single Frame Relay network interface.
- The BANDIT products can use generic route encapsulation (GRE) to carry Frame Relay over the Internet Protocol (IP). With this feature, all legacy protocols that Frame Relay can carry can travel over IP networks, including the internet.
- Equipment using asynchronous protocols through dial back-up modems, such as the Unix-to-Unix Copy Program (UUCP), can be connected through a highly reliable digital Frame Relay interface, which can be configured for speeds up to 115.2 kbps.
- Users with an investment in X.25 networking equipment have two options:
  - They can use X.25 as a network protocol in the unit, assigning VCs to Data Link Connection Identifiers (DLCIs) in order to direct data through the network.
  - They can replace the underlying X.25 network with lower-cost, higher-performance Frame Relay service by using the unit to maintain an X.25-compatible interface to the terminal equipment (using the Annex G capability provided in the unit).

1.2.2 Wireless Connectivity

The BANDIT II and BANDIT III support connection to CDMA, EVDO, GPRS GSM, and EDGE GSM wireless networks.

1.2.3 Encapsulation, Routing, and Protocol Emulation

The BANDIT products provide three levels of support (encapsulation, routing, and protocol emulation), depending on the specific protocol being carried.

1.2.3.1 Encapsulation

Encapsulation is a method of packaging data of one protocol into packets, cells, or frames of another protocol. This is used to send data of one protocol over a network of a different protocol. For example, one can send data of a given protocol over a Frame Relay network by adding Frame Relay formatting to the data.

Encapsulation works with a wide variety of protocols because a device is not required to have knowledge of the original protocol (that is, the encapsulated protocol); it does not use any information contained in the original protocol to route the information.

The BANDIT III can encapsulate data over the protocols listed in Table 1-1.

Table 1-1. Protocol Routing

| Protocols | Routing Method |
|---|---|
| IP: SLIP, PPP, Ethernet, generic route encapsulation (GRE) | By IP address to support meshed LAN environments |
| Point-to-Point Protocol over Ethernet (PPPoE) | By MAC address of the destination node, encapsulated inside Ethernet packets |
| SDLC/SNA | By SDLC address to emulate multi-drop lines |
| X.25 | By X.121 address to emulate a switched X.25 environment |
| Frame Relay | By DLCI to act as a Frame Relay concentrator or Frame Relay switch (feeding Frame Relay streams to other Frame Relay-compatible devices) |

In most types of networks, header information in the packets or cells of the encapsulating protocol is used to route the data to its destination. In Frame Relay networks, encapsulation results in a point-to-point circuit in which data cannot be routed independently. A multi-port unit can carry several of these point-to-point circuits over a single Frame Relay interface. With encapsulation, the unit determines which PVC to use based on the physical user port carrying the data.

Frame Relay encapsulation in the BANDIT works as follows:

1. The unit accepts data from a terminal device.
2. The data is encapsulated with a Frame Relay-compatible packet header and trailing CRC.
3. The data is transmitted over a Frame Relay network.
4. The Frame Relay envelope is removed at the remote end to recreate the original protocol.

1.2.3.2 Routing

Routing is a method of relaying data over networks. IP routing uses RIP or static tables to send packets to their destinations. A Frame Relay network uses addresses to determine the destination. For certain protocols, the BANDIT examines the addressing information contained in the original data to determine which PVC will carry the data. As a result, the unit can emulate multipoint networks by routing information according to the protocol address. Protocols are routed as shown in Table 1-1.

1.2.3.3 Protocol Emulation

The BANDIT uses protocol emulation (also known as "spoofing") to act as a polling device when relaying traffic. Polled protocols use communications lines more efficiently, often using multi-drop architectures. To allow multiple devices to relay traffic through a single communications line, one device is configured as a master. This master device controls communications with all other devices on the line (the slaves). In this configuration, the master polls the slaves to see if they have any data to transmit. The master also selects slaves to receive its information.

1.2.4 Virtual Private Networks

A virtual private network (VPN) comprises two or more private endpoints transmitting secure communication over a public network. Software at each endpoint encrypts data and then tunnels the data over the public network. Tunneling (encapsulating data within secure packets) isolates the private data from other traffic carried by the public network, providing secure transport over the network. The destination endpoint authenticates and decrypts the packets.

The BANDIT II and BANDIT III support IPsec with DES, 3DES, and AES for virtual private networks. The BANDIT II and the BANDIT III can each handle up to 30 local VPN tunnel initiations and terminations.

The BANDIT products use Encore Networks' Selective Layer Encryption (SLE, patent pending) to optimize use of VPNs with the performance-enhancing proxies (PEPs) of satellite networks.

1.2.5 Firewall Security Protection

The BANDIT II and BANDIT III support the firewall security protection listed below.

- Network Address Translation (NAT)
  - Syslog daemon support
- IP Filtering
  - Source host address
  - Source port number
  - Destination host address
  - Destination port number
  - Protocol (TCP, UDP, ICMP)
  - Flags (ACK, RST)
  - Address spoofing

1.2.6 TCP/IP Environments

The BANDIT products accept both native IP traffic from a direct Ethernet connection and IP data encapsulated in async/sync PPP (RFC 1331) or SLIP (RFC 1055). IP traffic is encapsulated according to the RFC 1490 standard. The encapsulated packets are then routed according to IP addressing. In addition, the BANDIT can convert IP over PPP to IP over Frame Relay, which provides non-Frame Relay routers with a means of accessing Frame Relay networks.
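The Frame Relay encapsulation steps in 1.2.3.1 and the RFC 1490 encapsulation of IP traffic described above, as an added example that is not Encore code. It assumes the standard two-octet Q.922 address, the UI control octet and the IP NLPID; function names and the sample packet are constructed for illustration, and flag octets and bit stuffing (done by the link hardware) are left out.

```python
# Added example (not Encore code): RFC 1490 routed-IP encapsulation in a
# Frame Relay frame. Function names and the sample packet are constructed here.
import struct

UI_CONTROL = 0x03  # Q.922 unnumbered-information control octet
NLPID_IP = 0xCC    # RFC 1490 NLPID value for IP


def fcs16(data: bytes) -> int:
    """Frame check sequence used by HDLC-family links (CRC-16/X-25)."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def q922_address(dlci: int) -> bytes:
    """Two-octet address field: 10-bit DLCI; C/R, FECN, BECN and DE clear."""
    if not 0 <= dlci <= 0x3FF:
        raise ValueError("DLCI must fit in 10 bits")
    return bytes([(dlci >> 4) << 2, ((dlci & 0x0F) << 4) | 0x01])


def encapsulate(dlci: int, ip_packet: bytes) -> bytes:
    """Step 2: add the Frame Relay header and the trailing CRC."""
    body = q922_address(dlci) + bytes([UI_CONTROL, NLPID_IP]) + ip_packet
    return body + struct.pack("<H", fcs16(body))  # FCS is sent low octet first


def decapsulate(frame: bytes):
    """Step 4: check the CRC, strip the envelope, return (dlci, ip_packet)."""
    if len(frame) < 6:
        raise ValueError("frame too short")
    body, (fcs,) = frame[:-2], struct.unpack("<H", frame[-2:])
    if fcs16(body) != fcs:
        raise ValueError("FCS mismatch: frame damaged in transit")
    if body[0] & 0x01 or not body[1] & 0x01:
        raise ValueError("not a two-octet Q.922 address")
    if body[2] != UI_CONTROL or body[3] != NLPID_IP:
        raise ValueError("not RFC 1490 routed IP")
    dlci = ((body[0] >> 2) << 4) | (body[1] >> 4)
    return dlci, body[4:]


# Constructed sample: a 28-octet IPv4/ICMP packet between documentation
# addresses (IP header checksum left at zero; the payload is opaque here).
SAMPLE_IP_PACKET = bytes.fromhex(
    "4500001c0000000040010000c0000201c0000202" "0800f7ff00000000"
)

if __name__ == "__main__":
    frame = encapsulate(100, SAMPLE_IP_PACKET)
    print(frame.hex())
    print(decapsulate(frame) == (100, SAMPLE_IP_PACKET))
```

The trailing CRC only detects transmission errors; it carries no key, so it is not an integrity or authenticity control. On this page that role belongs to the IPsec tunnel described in 1.2.4.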

The BANDIT can also use generic route encapsulation (GRE) to carry Frame Relay frames within IP packets. This allows Frame Relay networks another route into IP networks, including the internet.

1.2.6.1 Address Resolution Protocol

The BANDIT supports the Address Resolution Protocol (ARP) on the Ethernet, mapping IP addresses to Medium Access Control (MAC) addresses.

For example, if you want to make an IP connection between your host and another, you must specify in the configuration the IP Address of the destination host. In addition, you must specify the destination host's MAC address, which is physically encoded on a chip in the destination device. The software-configured IP Addresses are mapped to their corresponding hardware-encoded MAC addresses in an ARP Table of Addresses.

When you attempt to send data to a given IP address, the unit looks at its ARP Table to find the MAC address associated with that IP address. If no match is found, the unit broadcasts an ARP Request to the network, asking if any device in the network knows the MAC address for the IP Address you have specified. If your device receives a response (ARP Response) identifying the MAC address that corresponds to the IP Address, your unit enters this information into its ARP Table and initiates the connection you requested.

The updated information in the ARP Table remains intact for a configured number of seconds or minutes. The information is not held indefinitely because, if the chip that holds the MAC address in a given device is replaced with a new chip (and a new hardware-encoded MAC address), the ARP Table will be out of date. By dropping entries from the ARP Table within a specified number of seconds or minutes, the device is forced to update the information constantly.

The unit's ARP table stores up to 500 entries. Entries are aged and deleted after 20 minutes of inactivity. If the table is full, a new entry is written over the oldest entry.
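A model of the ARP table behaviour described above (500 entries, deletion after 20 minutes of inactivity, overwrite of the oldest entry when full), as an added example that is not Encore code. The class and method names are hypothetical, the addresses are constructed, and "oldest" is assumed to mean the entry that has gone longest without activity.

```python
# Added example (not Encore code): model of the ARP table limits stated above.
# Assumption: "oldest entry" = the entry that has been inactive the longest.
from collections import OrderedDict

ARP_CAPACITY = 500           # entries, as stated on the page
ARP_IDLE_SECONDS = 20 * 60   # 20 minutes of inactivity, as stated on the page


class ArpTable:
    def __init__(self, capacity=ARP_CAPACITY, idle=ARP_IDLE_SECONDS):
        self.capacity = capacity
        self.idle = idle
        # ip -> (mac, last_activity); kept ordered from least to most recent
        self._entries = OrderedDict()
        self.overwritten = []  # IPs displaced because the table was full

    def __len__(self):
        return len(self._entries)

    def expire(self, now):
        """Delete entries that have been idle for the timeout; return their IPs."""
        removed = []
        while self._entries:
            ip, (_, last) = next(iter(self._entries.items()))
            if now - last < self.idle:
                break
            del self._entries[ip]
            removed.append(ip)
        return removed

    def learn(self, ip, mac, now):
        """Record an ARP Response; overwrite the oldest entry if the table is full."""
        self.expire(now)
        if ip in self._entries:
            del self._entries[ip]
        elif len(self._entries) >= self.capacity:
            victim, _ = self._entries.popitem(last=False)
            self.overwritten.append(victim)
        self._entries[ip] = (mac, now)

    def lookup(self, ip, now):
        """Return the MAC for ip, or None (the unit would then send an ARP Request)."""
        self.expire(now)
        entry = self._entries.get(ip)
        if entry is None:
            return None
        self._entries[ip] = (entry[0], now)  # a hit counts as activity
        self._entries.move_to_end(ip)
        return entry[0]


if __name__ == "__main__":
    table = ArpTable()
    for i in range(ARP_CAPACITY):  # constructed hosts, one learned per second
        table.learn(f"10.0.{i // 250}.{i % 250 + 1}", f"02:00:00:00:{i >> 8:02x}:{i & 255:02x}", i)
    table.lookup("10.0.0.1", 600)                      # first host stays active
    table.learn("10.0.2.1", "02:00:00:00:ff:ff", 601)  # 501st host
    print(len(table), table.overwritten)               # 500 ['10.0.0.2']
```

Counting the `overwritten` list in a model like this shows when a segment holds more active hosts than the table can keep, which is the condition under which still-valid mappings are displaced and must be re-resolved.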
1.2.6.2 Inverse Address Resolution Protocol

The BANDIT products also respond to Inverse Address Resolution Protocol (Inverse ARP) requests on the Frame Relay network port per RFC 1293, allowing discovery of the IP address associated with a given MAC address. This means that, when an Inverse ARP request is received over one of the unit's DLCIs, the unit responds with its configured IP address. Although the BANDIT products respond to Inverse ARP requests, they do not generate Inverse ARP requests.

1.2.7 Frame Relay

Transporting data over a Frame Relay network has many benefits:

- Can carry many connections over a single line.
- Shares bandwidth with multiple applications and/or call sessions.
- Can handle bursty traffic.
- Provides high speed and low delay similar to Time Division Multiplexing (TDM).
- In some areas, access (not based on amount of usage) to public Frame Relay services usually costs less than leased lines.

The BANDIT provides a cost-efficient means for connecting legacy equipment to a Frame Relay network by translating protocols into a format that can be transmitted over a Frame Relay network. After the BANDIT translates the data, it routes the data across the Frame Relay network to another unit or Frame Relay-compatible device. When the data reach the destination device, they are translated back to the original protocol. The BANDIT can also concentrate and switch multiple sources of Frame Relay traffic simultaneously.

1.3 Network Management

The BANDIT provides a way to monitor important Frame Relay, IP, and other information. You can establish network management as follows:

- The DB9 Supervisory port is an RS-232 DCE interface that allows you to connect a PC or other terminal to the BANDIT, so that you can configure and monitor the BANDIT device.
- Using Telnet or HyperTerminal, you have full access to configuration menus and statistics.
- Local or remote password-protected access is available from the WAN and LAN ports.
- The SNMP agent includes MIB extensions, traps for dynamic alarms, port capture, and guaranteed trap delivery.
