Professional Documents
Culture Documents
Creating a resilient network that intelligently, accelerates and secures converged applications in a global enterprise
PG 2 NORTEL NETWORKS CONFIDENTIAL
>Softricity Softgrid
>Microsoft Windows Terminal Services >P2P Caching >SSL VPN 5.0 > Connection Pooling
Nortel Internal POR / Roadmap ONLY Under Strict NDA
PG 3
Client2
File Systems
Domain Manager
Server Clusters
> Workload Manager monitors server resources Implementation of the SASP protocol IBM Proprietary
Additional factor added to load balancing decision Considers servers CPU, storage, network traffic in the final weight
PG 4 NORTEL NETWORKS CONFIDENTIAL
Configuring WLM
> Configure WLM Load Balancing
/cfg/slb/wlm 1-16 [Workload Manager 1 Menu] addr - Set IP address for Workload Manager port - Set port for Workload Manager del - Delete Workload Manager cur - Display current Workload Manager configuration
Dumb terminals
SoftGrid Servers
Powerpoint Delivered
> Softricity SoftGrid Delivering resources as needed - Same concept as power grid - client uses apps only when required Load balancing at Layer 7 not just layer 4
PG 6 NORTEL NETWORKS CONFIDENTIAL
PG 7
Client2
Session Directory
Window Servers
> Support for Microsoft Windows Terminal Services Load balancing with persistency WTS Health Checking
PG 8 NORTEL NETWORKS CONFIDENTIAL
PG 9
Creating a resilient network that intelligently, accelerates and secures converged applications in a global enterprise
PG 11
PG 12
[Layer 7 SIP Menu] rtpcont - Set BW contract for SIP RTP sessions sipp - Enable/disable SIP parsing cur - Display current SIP configuration
Creating a resilient network that intelligently, accelerates and secures converged applications in a global enterprise
PG 15
Secure Switching
> Expanded Dos Attack Protection
Extend DoS support to include additional DoS signatures
PG 16
PG 17
PG 18
PG 21
PG 22
[Port <port number> Menu] add - Add DoS attack to prevention aadd - Add all protocol anomaly/DoS attack to prevention rem - Remove DoS attack from prevention arem - Remove all protocol anomaly/DoS attack from prevention help - DoS attack prevention description
PG 23
Enforcement Instructions
Event Monitoring
Nortel TPS
Client Network
POE / WI-LAN
NORTEL NETWORKS CONFIDENTIAL
PG 25
Enhanced ITM -1
> Symantec First Attack Protection (Maintenance Release)
Integrate Symantec IPS Engine
PG 26
Enhanced ITM -2
> Packet Counters
Extend current stats to maintain BWM statistics for packet count per contract Permits the calculation of avg packet size
PG 27
BOGON ranges are commonly used to spoof IPv4 packets for large-scale attacks
Statistics
/stats/slb/mirror
PG 29 NORTEL NETWORKS CONFIDENTIAL
Information
/info/l2/team
PG 30 NORTEL NETWORKS CONFIDENTIAL
PG 31
PG 32
PG 34
Creating a resilient network that intelligently, accelerates and secures converged applications in a global enterprise
PG 35
Network Standards
>V23.0 provides support for the following standards
Phase 1 IPv6 XML Configuration API Hosted Overlap NAT Support RIPv2 802.1s and 802.1w
PG 36
Phase 1 IPv6 -1
Includes IPv6 GW, Static Route, VIP, Filter (allow | deny), Management Port = IPv4 Configure IPv6
/cfg/l3/ip/if <interface number> [IP Interface <interface number> Menu] ipver - Set IP version mask - Set subnet mask/prefix length >> IP Interface <interface number> # ipver Current ip version: v4 Enter ip version: v6 >> IP Interface <interface number> # mask Current Prefix length: 0 Pending new Prefix length: 64 Enter new Prefix length [1-128]: 64
PG 37
IPv6 -2
Configuration continued:
>> Main# /cfg/l3/gw Enter default gateway number: (1-259) 1 [Default gateway 1 Menu] ipver - IP version >> Default gateway 1# ipver Current ip version: v4 Enter ip version: v6 >> Layer 4# /cfg/slb/vir <virtual server number> [Virtual Server <virtual server number> Menu] ipver - Set IP version >> Virtual Server <virtual server number># ipver Current ip version: v4 Enter ip version: v6
PG 38 NORTEL NETWORKS CONFIDENTIAL
IPv6 - 3
Filter Configuration
>> Main# /cfg/slb/filt <filter number> [Filter <filter number> Menu] ipver - Set IP version
New command
Ping 6 to ping ipv6 address
Statistics
/stats/l3/ipv6
PG 39
IPv6 - 4
Information
>> IP# /info/l3/
[Layer 3 Menu] route6 - IPv6 Routing Information Menu nbrcache - IPv6 Neighbor Cache Information Menu >> Layer 3# route6 [IPv6 Routing Menu] dump - Show all routes >> IPv6 Address Resolution Protocol# /i/l3/nbrcache
PG 40
IPv6 - 5
Information continued
>> Server Load Balancing Information# /info/slb/sess [Session Table Information Menu] cip6 - Show all session entries with source IP6 address dip6 - Show all session entries with destination IP6 address dump - Show all session entries >> Session Table Information dump 4 dump 6 dump (dump ip4 and ip6 sessions)
PG 41
Maps all configuration CLI commands to XML commands Secured transport Configure XML API
/cfg/sys/access/xml xml - Enable/disable XML config access port - Set XML server port number gtcert - Import XML client certificate delcert - Delete XML client certificate dispcert - Display XML client certificate cur - Display current XML config access configuration
PG 42
PG 43
Creating a resilient network that intelligently, accelerates and secures converged applications in a global enterprise
PG 44
Management Enhancements
> FTP Transfer Support
Support FTP as transfer alternative to TFTP Supported over data and/or management port
image, config, tsdump and panic dumps upload and download Hostname, filename, user and password are requested
PG 45
Management Enhancements
> Port Aliasing
Reference port by name rather than number
PG 46
EMS Enhancements
> Job Scheduler
Handles scheduling jobs by users Supported jobs include ITM signature update, Bogon File Update,TSDMP, CFG dump etc.
PG 47
PG 48
Backup Slides
PG 49
RIPv2 -1
Implement Routing Information Protocol version 2 RFC2453 RIPv2 Password per RIP Interface
Add RIP password name to support the multiple RIPv2 interfaces
Variable length subnet mask in updates Next hop router address Configure RIPv2
/cfg/l3/rip [Routing Information Protocol Menu] if - RIP Interface menu update - Set update period in seconds on - Globally turn RIP ON off - Globally turn RIP OFF current - Display current RIP configuration
PG 50
RIPv2 -2
>> Routing Information Protocol# if 12 [RIP Interface 12 Menu] version - Set RIP version supply - Enable/disable supplying route updates listen - Enable/disable listening to route updates default - Set default route action poison - Enable/disable poisoned reverse trigg - Enable/disable triggered updates Mcast - Enable/disable multicast updates metric - Set metric auth - Set authentication type key - Set authentication key current - Display current RIP interface configuration
PG 51
PG 53
Application Switch
Customer Challenges
> VoIP networks require 5 x 9s uptime > SIP Proxy server is the brain of IP Telephony networks
PG 54
> Intelligent ICMP Error handling If error from foreign SIP host, forwards to
originating local SIP Proxy If error from local SIP Proxy, error not propagated outside local network
PG 55
Layered Security
ScanSynFin DoS Attack Anti-Spoofing Worms, Viruses, Trojans Peer-to-Peer Instant Messaging, Internet Radio VoIP
Limited Guaranteed
PG 56
Creating a resilient network that intelligently, accelerates and secures converged applications in a global enterprise
PG 57 NORTEL NETWORKS CONFIDENTIAL