Overview
The Nortel Services Edge Router 5500 is an industry-leading IP services switch that combines both network transport services and high-touch IP services in a single platform. It is the only true convergence platform available to large enterprises and data service providers today.
For the enterprise, the Nortel Services Edge Router 5500 delivers industry-leading high-touch IP processing power for large mission-critical networks. It is designed to simplify network operation and reduce equipment costs while offering a host of important network based services, such as VPNs, traffic management and policing, quality of service (QoS), firewall and security services – all within a single device.
For service providers, the Nortel Services Edge Router 5500 brings IP services to broadband data access, just as the Nortel DMS-100 brought advanced call services to voice. Located at the network’s edge, the Nortel Services Edge Router 5500 delivers scalable and reliable subscriber aggregation regardless of the access and transport technologies/protocols used in the customer network. The Nortel Services Edge Router 5500 then uses the power of its 100+ processors to provide advanced IP services to these subscribers. These network-based IP services include a dedicated firewall for each subscriber, secure IP VPN (supporting intranet, extranet and remote access), advanced quality of service, network address translation (NAT) and personalized content delivery services.
Typical Applications
Enterprises deploying the Nortel Services Edge Router 5500 in their network will enable centralization and rapid deployment of applications such as:
• VPNs (VR- and/or MPLS-based) – technology and access agnostic VPN, with site-to-site, remote access, extranet access and firewall-enabled local Internet access options
• Visitor-based networks – flexible, secure and billable access for guests of the hospitality industry
• Network-based security – with stateful firewall, encryption, denial of service (DoS) protection, anti-spoofing and NAT
• Differentiated services – for special treatment of different organizations, departments and users and enforcement of QoS for applications such as VoIP
• Remote office aggregation – with universal support of user technologies and centralized management from the Nortel Services Edge Router 5500
Service providers deploying the Router 5500 in the network can enable the provision of large-scale managed applications for the residential, SoHo, SME and corporate market:
• Universal broadband aggregation – unique broadband aggregation and subscriber management services specifically for the DSL, dial-up, cable access and wireless access markets
• Advanced wholesaling of access networks and IP services – for access providers, expanded business models through a number of advanced wholesaling features
• Advanced high-touch IP services – a rich set of value added high-touch IP services – security, CoS/QoS and traffic steering, and customized content delivery – enabling service providers to grow their top line services revenue
• Subscriber self-management and on-line reporting capabilities
Key Points
• In the enterprise, the Nortel Services Edge Router 5500 delivers industry-leading high-touch IP processing power for large mission-critical enterprise networks. It is designed to simplify network operation and reduce equipment costs for the enterprise while offering a host of important network-based services, such as virtual private networks (VPN), traffic management and policing, quality of service (QoS), firewall and security services from within a single device. Its universal access capabilities enable rationalization of network connections in the enterprise network operations center (NOC), while its robust processing power enables granular policy enforcement to the end-user level. The Nortel Services Edge Router 5500 is equipped with a rich set of network-based security features such as stateful firewall, denial of service (DoS) protection and network address translation (NAT). It also is designed to enable flexible network-based IP-VPN options, with support for both virtual router/IPSec and MPLS tunneling options.
Traffic management, tiered services and content management are also supported on the Router 5500 platform - enabling the high degree of control required in support of demanding enterprise applications such as voice over IP. The Router 5500 is also designed to enable centralized network management of all these services for greater operational simplicity for enterprise sites. With the network-based Nortel Services Edge Router 5500 as the enterprise’s primary service mediation and delivery engine, network managers have the ability to control these services from a single device instead of multiple devices that may not be centrally located.
• In the service provider infrastructure, the Nortel Services Edge Router 5500 has been the undisputed leader in IP service platforms since its inception in 1999. It delivers scalable, reliable and cost-effective advanced IP services and subscriber aggregation regardless of the network access and transport protocols/technologies. Capabilities of the Nortel Services Edge Router 5500 extend to virtualized stateful firewalls, IP-VPN (intranet, extranet, remote access and MPLS-based), advanced QoS and CoS, NAT, policy-based routing and personalized content delivery.
Features and Benefits
• Universal aggregation – The Nortel Services Edge Router 5500 aggregation solution is unique in supporting a broad spectrum of subscriber types and access technologies. Its rich feature set and powerful hardware platform can lower the costs of providing broadband aggregation and subscriber management services specifically when selling the Nortel Services Edge Router 5500 into DSL, dial-up, cable and wireless service provider markets.
Subscriber types that can be terminated over the SER include PPPoE, PPPoA, IP over ATM, IP over frame relay, HDLC/PPP over frame relay, L2TP, IPSec, GRE, VLAN tagged and IP-Demux. The SER uniquely identifies each terminated subscriber and applies the pre-determined IP service policies according to the subscriber’s profile. Universal aggregation allows service providers to offer concurrent broadband access services to multiple types of access networks, spreading the cost of aggregation services across different customer types. In situations where subscribers have purchased additional IP services, these services can be preserved on the SER as subscribers migrate from one type of access technology to the next. The benefit is reduced churn of the subscriber base. For PPPoA, PPP/L2TP and PPP/HDLC connections, bandwidth-on-demand services are also supported through multi-link PPP.
Unlike many broadband remote access servers in the market today, the Nortel Services Edge Router 5500 differentiates itself through its built-in IP services capability that enables seamless deployment of high-touch services to broadband subscribers. The service capacity of any broadband access network must grow along with the subscriber base. With its distributed architecture, the Nortel Services Edge Router 5500 can terminate 32,000 subscribers per chassis, or 128,000 subscribers per seven-foot rack. Because the SER is designed to support both aggregation and IP services, service capacity associated with subscription is not compromised.
• Advanced wholesaling – The Nortel Services Router 5500 allows access providers to expand their business models through a number of advanced wholesaling features. Logical virtual routers, in the form of ISP contexts with independent administrative domains coupled with a flexible set of L2TP tunneling and switching capabilities, enable service providers to create different outsourced or self-managed wholesale models. These wholesale features are complemented by authentication mechanisms that are made equally flexible by the extensive use of subscriber templates and RADIUS-based configurations.
• IP VPNs – Enterprises have long been receptive to virtual private networks as a means of lowering the total cost of WAN connectivity. While IP-VPNs are often positioned as a lower cost alternative to layer 2 VPNs, the true value of IP-VPNs is the ubiquitous nature of the underlying TCP/IP protocol. Because IP has proliferated in private and public networks, an IP-based VPN can easily expand its boundaries from fixed sites out to individual users over the Internet. IP applications can also take full advantage of the network services uniquely designed for them, based on a set of pre-defined service policies. Ready for these applications and more, the Nortel Services Edge Router 5500 has been deployed to run some of the largest network-based IP-VPNs, including an industry award-winning offering.
• Universal IP-VPNs – The Nortel Services Edge Router 5500 network-based IP-VPNs or virtual private routed networks (VPRNs) can be rolled out rapidly and inexpensively to many enterprises over a common network of SERs. Functioning as either a provider edge router or label edge router, the SER supports various VPN membership, VPN discovery and tunneling mechanisms, making it suitable for deployment in both IPSec-VPN and MPLS-VPN environments. With support for the Nortel VPN Client termination, both site-to-site and remote access VPNs can be offered as integrated services over a common Services Edge Router 5500 platform. This complete solution has the advantages of ubiquitous access and common policy control, allowing a VPN to grow without excessive cost and management overhead.
For enterprises that are not ready to outsource their remote access services, the Nortel Services Edge Router 5500 can also support L2TP tunneling as a virtual private dial-up network (VPDN) service. Through a comprehensive suite of capabilities over a common Nortel Services Edge Router 5500 platform, service providers can now offer a flexible set of network-based intranet, extranet and remote access IP-VPN services.
• Additional IP-VPN services – While the cost of IP-VPN deployment can be lowered through the Nortel Services Edge Router 5500 network-based offering, the value of these solutions can be increased by using the high-touch IP services already built into each system. A common set of network policies, variable for different sites or remote subscribers, can be applied dynamically at the SER before admittance into the destined VPRN. These network-based IP service policies can be related to private IP address usage, firewall rules, content filtering, traffic shaping and a host of other IP services. For example, a firewall policy can allow a VPN site to directly access the Internet without being routed through a firewall at the corporate headquarters, thereby reducing delay and a potential bottleneck.
While many network-based IP-VPNs are provisioned through route configuration and tunnel setup between VPN nodes, a Nortel Services Edge Router 5500-based VPRN leverages both its knowledge of VPN subscribers (during authentication), and the layout of the SER-based network to offer network-wide intelligence. These can include intelligent meshing, a dynamic tunnel setup and tear-down mechanism based on existing VPN traffic, or network-wide VPRN accounting. Network level intelligence offers tremendous cost savings in the running and operation of universal IP-VPN services and is equally applicable for either IPSec- or MPLS-based IP-VPNs.
While the traditional IP VPN market focuses on only site-to-site connectivity, Nortel Router 5500 enables service providers to add sophisticated remote access, extranet and simultaneous VPN plus Internet capabilities. Its full range of IP services can also be applied to enterprise end-users.
• Advanced high-touch IP services – The Nortel Services Edge Router 5500 provides a rich set of value-added high-touch IP services, enabling service providers to grow their top line services revenue. These include a wide range of security, CoS and traffic steering services.
• IP security services – Anchoring the Nortel Services Edge Router 5500 IP security suite is the industry’s first network-based ICSA certified state-aware firewall. The Nortel Router 5500 state-aware firewall is centrally managed and provides a sophisticated user interface to define firewall rule sets. The Nortel Services Edge Router 5500 firewall is capable of tracking complex IP applications such as H.323 or SIP-based voice-over-IP services. By extracting key parameters from the associated control plane, consistent firewall policy filters can be applied to entire conversations instead of limited traffic flows. When configured properly, subscribers can also be protected from certain types of denial-of-service attacks. Over 2 million Nortel Services Edge Router 5500 firewall licenses have been sold since the first product shipment.
To complete the suite of IP security services, the Nortel Services Edge Router 5500 also supports anti-spoofing to prevent a hacker from impersonating legitimate users, NAT to protect user IP addresses and IPsec data encryption to protect data content in transition. For security management, logging can be enabled for these security services and that data can be fed into reporting systems for analysis.
Nortel Services Edge Router 5500 IP security services are complemented by a flexible set of authentication services via RADIUS, LDAP, proxy SecureID and CHAP/PAP negotiations for PPP subscribers. For security services such as content filtering, intrusion detection or anti-virus protection, Nortel continues to work with a number of industry-leading partners to offer complete solutions for network-based deployments.
• IP-CoS services – As the networking community has realized that the quality of service (QoS) found in traditional connection-oriented networks is impractical in IP networks, the industry has moved toward a more practical alternative: IP class of service (CoS). The concept behind IP CoS relies on the marking and classification of IP packets; then, nodes within the network can apply the necessary packet processing based on a number of traffic engineering techniques and queuing algorithms. Depending on transport infrastructure, the classified IP flows can also be mapped to QoS features that are associated with the underlying transport services.
The Nortel Services Edge Router 5500 supports a full range of IP CoS features that can be combined to enable tiered services based on subscribers or applications. From a SER service provisioning perspective, the IP CoS services include DiffServ marking, L3 traffic shaping and traffic policing. The SER’s traffic shaping implementation can be flow based or rule based, with optional rate limiting capabilities based on service class or service connection. For traffic policing, both single rate three-color marker (SRTM) and two rate three-color markers (TRTM) are supported. Last but not least, the Nortel Services Edge Router 5500 can map its L3 classes to L2 ATM virtual circuits to take advantage of any underlying ATM QoS services. For Ethernet access, VLAN-based 802.1P priority mapping is also supported. The Router 5500 IP CoS services are expected to play an increasing role in the support of certain time sensitive traffic over an integrated IP network and also in the support of service level agreements (SLAs) for tiered services.
• IP traffic steering services – The Nortel Services Edge Router 5500 vision of network-based services includes present and future high-touch IP services. These value-added capabilities can range from dedicated server-based traffic processing to distributed content subscription and delivery networks. The underlying assumption is that a subscriber-aware broadband service node is ideally positioned to bridge subscribers to their desired network services and content, which in turn allows service providers to evolve their service offerings and business models. A number of IP traffic steering capabilities, also known as SER service delivery interfaces (SDI), are designed into the Nortel Services Edge Router 5500 iSOS system to enable integration with service capabilities that are external to the SER. SDI supported by SER iSOS today include Web steering (WS), policy based forwarding (PBF) and personal content portal (PCP).
Web steering can be used to redirect HTTP-based traffic to a proxy, cache or content-filtering server external to the SER for related services. Since these services are typically not deployed locally to the SER, the Web steering SDI also incorporates automatic network address translation, support for up to 254 remote servers and a built-in service health-check.
Policy-based forwarding is an extremely flexible SDI supported on any physical or virtual interface. It allows a traffic policy to be set up for ingress traffic to bypass normal route lookup and forwards the traffic toward the pre-determined next-hop interface based on policy rule-match.
Personal content portal (PCP) is perhaps the most powerful SDI of all. An application that incorporates the PCP API set can transparently intercept a subscriber HTTP session and hold the subscriber captive, push a Web page to the subscriber, release the subscriber to the intended HTTP destination, or replace the subscriber service policies on a temporary basis. Because a timer function is built into PCP, the subscriber can be held captive at any time desired, which allows a service provider to have full control over subscriber services. Since PCP only provides the subscriber control mechanism for the PCP application, the power of PCP-based services is limited only by the creativity in the definition of the applications. The application can be as simple as pushing a welcome page to the subscriber, or as forward-looking as offering a selection of personalized content and on-demand network services.
Technical Specifications
Dimensions
• 19” (48.26 cm) width
• 19.25” (48.9 cm) height
• 11 RU - 4 per 7’ rack
• 18” (45.72 cm) depth
Weight
• 135 lb (61 kg) fully loaded
• 39 lb (18 kg) empty
DC power
• 1500 watts fully loaded
• -38V DC min to -60V DC max
• 40 Amps
AC power
• 90 to 260 VAC @ 50 to 60 Hz
• 60 Amps 16 Amps per input
Safety
• UL 1950, CSA 950, CE Mark
EMI
• FCC Part 15 Class A
• EN 55022A
Altitude
• -197 to 10,000 ft (-60 m to 3048 m)
General system characteristics
• 14 slots modular chassis at 622 Mbps or 1.2 Gbps full duplex operation
• Logical backplane for non-stop operation
• Hot-swap and redundancy support for all modules
• Distributed DC entry (AC optional)
• 4 systems per 7 foot telco rack
System modules
• One or two Control and Management Card (CMC) modules providing routing and management for the system, each equipped with 2 Fast Ethernet ports and 3 management ports (Serial, Aux, Ethernet)
• One or two 2.5, 5, or 10 Gbps non-blocking Switch Fabric Cards (SFC) with full per flow queuing
• Up to 6 Subscriber Service Cards (SSC), each with up to 4 Subscriber Service Modules (SSMs) processor groups
Interface modules
• 4 port OC-3/STM-1 ATM (SM or MM)
• 2 port OC-12/STM-4 ATM with optional APS (SM or MM)
• 3 port DS3/E3 + 1 port OC-3/STM-1 ATM (SM or MM)
• 4 port Channelized DS3
• 2 port Channelized STM-1 (SM or MM)
• 1 port Gigabit Ethernet (SM or MM)
• 8 port Fast Ethernet
Connectivity/access services
• RFC - 1661 PPP
• RFC - 1662 PPP in HDLC-like Framing
• RFC - 1973 PPP in Frame Relay
• RFC - 1990 PPP Multilink Protocol
• RFC - 2364 PPP Over AAL5 (or PPPoA)
• RFC - 2516 PPP Over Ethernet (or PPPoE)
• RFC - 2661 Layer Two Tunneling Protocol - L2TP
– LAC/LNS
– Intelligent tunnel switching and load balancing
• RFC - 1490 Bridged/Routed IP Over Frame Relay (Now RFC 2427)
• RFC - 1483 Bridged/Routed IP Over ATM (Now RFC 2684)
– Independent bridged subnets
– Bridge groups
• RFC - 2401 IPSec
• RFC - 2784 GRE
• IEEE 802.1Q Virtual LANs
• IPDemux
• L2TP over IPSec
• RFC 1542 - DHCP Relay
• RFC 2138/2139 RADIUS
Routing services
• RFC – 1058 RIP v1
• RFC – 2453 RIP v2
• RFC – 2328 OSPF v2
• RFC – 1771 BGP v4 (including RFCs -1997, 1966, 2439, 1965)
• RFC – 1142 IS-IS (Trunk only)
• RFC – 2236 IGMP v2 Proxy
Authentication access services
• RFC – 2138, 2139 RADIUS
• RFC – 2251 LDAP
• Proxy SecureID (RSA Certified)
IP-VPN services
• VPN deployment models
• Virtual Private Routed Networks (VPRN) — RFC 2764-based IP VR-VPNs
• BGP/MPLS VPN: RFC 2547-based VRF-VPNs
• Virtual Private Dial Networks (VPDN)
• Virtual Leased Lines (VLL)
• Remote Access VPN – Termination of Windows-based Nortel VPN Client
– VPRN Topology Optimization: Intelligent Meshing, Hub and Spoke
• Tunneling: L2TP, IPSec, L2TP/IPSec
• Encryption: AES (128-bit), 3DES, DES
• Hash Algorithms: SHA-1, MD-5
• Key Management Algorithm: Asymmetric cryptography, Diffie Hellman Group 1 (768 bits) and Group 2 (1024 bits)
• Encapsulation: ESP
• ESP IPSec Mode: Tunnel Mode, Transport Mode (L2TP/IPSec only)
• Control Path: IKE SA negotiation
– Phase 1 — Main Mode, Aggressive Mode (for Nortel VPN Clients only)
– Phase 2 — Quick Mode, with optional PFS
• Authentication: Pre-shared keys for static tunnels, RADIUS for user authentication
• Hub-spoke topologies with both MPLS and IPSec VPNs
• Management VPNs for Managed CPE based services utilizing MPLS backbones
• Explicit FEC – an intelligent mechanism to differentiate and prioritize between different traffic types in an MPLS VPN
Service Creation (SCS) system specifications
SCS System server modules
• Domain Server
• Regional Server
• LDAP Server
• Pull Server
• Log Server
• CORBA Server
• Service Management Center CNM Server
SCS system interfaces
• Command Line Interface (CLI)
• SNMP (Agent and Proxy)
• CORBA API
• RADIUS
• Accounting and Service Log Files (XML, Binary or ASCII formats)