Upload
vinay-hsn
View
219
Download
0
Embed Size (px)
Citation preview
8/12/2019 AOS V23.0 Beta Training
1/57
NORTEL NETWORKS CONFIDENTIAL
Application Switching
Nortel Application Switch OS 23.0
Planned Features
8/12/2019 AOS V23.0 Beta Training
2/57
PG 2 NORTEL NETWORKS CONFIDENTIAL
Alteon OS 23.0 Major Features
> Customized Application Delivery> Converged Network Intelligence
> Secure Switching
> Networks and Standards
> Management Improvements
Creating a resi l ient netwo rk that in tel ligently,
accelerates and secures converged app l icat ions in
a global enterpr ise
8/12/2019 AOS V23.0 Beta Training
3/57
8/12/2019 AOS V23.0 Beta Training
4/57
PG 4 NORTEL NETWORKS CONFIDENTIAL
Workload Manager
> Workload Manager monitors server resources
Implementation of the SASP protocolIBM Proprietary
Additional factor added to load balancing decision
Considers servers CPU, storage, network traffic in the final weight
Client1
Client2
Server Clusters
File Systems
LB decision
based upon
network traffic
to servers
Domain
Manager
LB decision hasan added weight
based upon
usage of servers
and attached
devices
Server Load Balancing
8/12/2019 AOS V23.0 Beta Training
5/57
PG 5 NORTEL NETWORKS CONFIDENTIAL
Configuring WLM
> Configure WLM Load Balancing/cfg/slb/wlm 1-16[Workload Manager 1 Menu]
addr - Set IP address for Workload Manager
port - Set port for Workload Manager
del - Delete Workload Manager
cur - Display current Workload Manager configuration
> Assign WLM to group (requires configuring the WLM)/cfg/slb/group 1
[Real Server Group 1 Menu]
wlmSet Workload Manager number
> Display statistics for WLM /stats/slb/wlm
Enter Workload Manager number (1-16):
> Display Information /info/slb/wlm
8/12/2019 AOS V23.0 Beta Training
6/57
PG 6 NORTEL NETWORKS CONFIDENTIAL
SoftGrid Servers Load Balancing
> Softricity SoftGrid
Delivering resources as needed - Same concept aspower grid - client uses apps only when required
Client1Requires
Word &
Powerpoint
Client2
Requires
only
Powerpoint Applicationsloaded on
these servers
Word
&Powerpoint
Delivered
Powerpoint
Delivered
Dumb terminals SoftGrid
Servers
Load balancing at Layer 7 not just layer 4
8/12/2019 AOS V23.0 Beta Training
7/57
PG 7 NORTEL NETWORKS CONFIDENTIAL
Configuring SoftGrid Servers
> Configure SoftGrid Load Balancing
/cfg/slb/virt /service rtsp
[Virtual Server rtsp Service Menu]
softgrid - Enable/disable SoftGrid load balancing
If SoftGrid is enabled, regular RTSP load balancing will not be available forthat service.
8/12/2019 AOS V23.0 Beta Training
8/57
PG 8 NORTEL NETWORKS CONFIDENTIAL
WTS Load Balancing
Client1
Client2
Window Servers
Load
Balancing
with
persistency
Session
Directory
Typical LBdecisions do
not guarantee
reaching the
same server
> Support for Microsoft Windows Terminal Services
Load balancing with persistency
WTS Health Checking
8/12/2019 AOS V23.0 Beta Training
9/57
PG 9 NORTEL NETWORKS CONFIDENTIAL
WTS Load Balancing Configuration
> Configure WTS Load Balancing/cfg/slb/virt /service 3389
[Virtual Server 3389 Service Menu]
wtsWTS Load Balancing Menu
[WTS loadbalancing and persistence Menu]
userhash - Enable userhash when there is no Session Directory Server
ena - Enable WTS load balancing and persistence
dis - Disable WTS load balancing and persistencecur - Display current WTS configuration
8/12/2019 AOS V23.0 Beta Training
10/57
PG 10 NORTEL NETWORKS CONFIDENTIAL
Customized Application Delivery
> P2P Cache Load Balancing Redirects traffic @ L7 without delayed binding
Configure P2P cache LB (transparent proxy redirection)/cfg/slb/real /adv
[Real Server Advanced Menu]subdmac - Enable/disable destination MAC address substitution
> Connection Pooling Improves SLB performance Offloads TCP setup and tear down on servers Configure connection pooling
/cfg/slb/virt/ /service 80 /http
[Http Load Balancing Menu]pooling - Enable/disable connection pooling for HTTP traffic
Statistics for connection pooling/stats/slb/layer7
[Layer7 Statistics Menu]
poolingShow connection pooling stats
8/12/2019 AOS V23.0 Beta Training
11/57
PG 11 NORTEL NETWORKS CONFIDENTIAL
Alteon OS 23.0 Major Features
> Customized Application Delivery> Converged Network Intelligence
> Secure Switching
> Networks and Standards
> Management Improvements
Creating a resi l ient netwo rk that in tel ligently,accelerates and secures converged app l icat ions in a
global enterpr ise
8/12/2019 AOS V23.0 Beta Training
12/57
PG 12 NORTEL NETWORKS CONFIDENTIAL
Continuing to Deliver
Resilient VoIP -1
> SIP Operator Defined PortAllow the operator to change server SIP port to other than
UDP 5060
Configure operator defined port/cfg/slb/virt 1/service 5060/rport xxxx
> SIP Refer Method Support
Enable support for SIP Refer method for SIP proxy LB
Required for call transfer services
No configuration required
8/12/2019 AOS V23.0 Beta Training
13/57
PG 13 NORTEL NETWORKS CONFIDENTIAL
Continuing to Deliver
Resilient VoIP -2
> SIP parsing (SIP NAT and Gleaning) Provides SIP NAT functionality
Inspects SIP traffic to determine RTP ports
Open required pinholes and applies contracts
Configure SIP parsing
/cfg/slb/filt /adv/layer7/ sip
[Layer 7 SIP Menu]
rtpcont - Set BW contract for SIP RTP sessions
sipp - Enable/disable SIP parsing
cur - Display current SIP configuration
> SIP Options Health Check Support SIP health check type based on SIP OPTIONS (like HTTP
and RTSP) Current SIP health check initiates a SIP PING
Configurationcfg/slb/group /health
8/12/2019 AOS V23.0 Beta Training
14/57
PG 14 NORTEL NETWORKS CONFIDENTIAL
Continuing to Deliver
Resilient VoIP -3 Example of SIP Option transaction
OPTIONS 47.80.23.195 SIP/2.0Via: SIP/2.0/UDP 47.80.23.242;Max-Forwards: 70To: From: Call-ID: 45454545454 CSeq: 1
OPTIONS Contact: Accept: application/sdpContent-Length: 0
SIP/2.0 200 OKVia: SIP/2.0/UDP 47.80.23.242To:
From: Call-ID: 45454545454 CSeq: 2OPTIONS Contact:
Allow: INVITE, ACK, CANCEL, OPTIONS, BYEAccept: application/sdpContent-Type: application/sdpContent-Length: 0
8/12/2019 AOS V23.0 Beta Training
15/57
PG 15 NORTEL NETWORKS CONFIDENTIAL
Alteon OS 23.0 Major Features
> Customized Application Delivery> Converged Network Intelligence
> Secure Switching
> Networks and Standards
> Management Improvements
Creating a resi l ient netwo rk that in tel ligently,
accelerates and secures converged app l icat ions in a
global enterpr ise
8/12/2019 AOS V23.0 Beta Training
16/57
PG 16 NORTEL NETWORKS CONFIDENTIAL
Secure Switching
> Expanded Dos Attack Protection Extend DoS support to include additional DoS signatures
> Nortel TPS Enforcement Point Threats detected are blocked by switch
> Enhanced Intelligent traffic Management Symantec First Attack Protection
Multi-packet Inspection
Bogon filtering
Socket Based BWM Statistics Transfer
Packet Counters
Contract Based Mirroring
8/12/2019 AOS V23.0 Beta Training
17/57
PG 17 NORTEL NETWORKS CONFIDENTIAL
Expanded DoS Attack Protection - 1
> The following lists all DoS attacks in v23.0 iplen : IPv4 packets with bad IP header or payload length ipversion : IPv4 packets with IP version not 4. broadcast : IPv4 packets with broadcast source or destination IP loopback : IPv4 packets with loopback source or destination IP land : IPv4 packets with same source and destination IP
ipreserved : IPv4 packets with IP reserved bit is set ipttl : IPv4 packets with small IP TTL ipprot : IPv4 packets with IP protocol unassigned or reserved ipoptlen : IPv4 packets with bad IP options length fragmoredont: IPv4 packets with more fragments and dont
fragment bit set
fragdata IPv4 packets with more fragments bit set and smallpayload
fragboundary: IPv4 packets with more fragments bit set andpayload not at 8-byte boundary
8/12/2019 AOS V23.0 Beta Training
18/57
PG 18 NORTEL NETWORKS CONFIDENTIAL
Expanded DoS Attack Protection - 2
> The following lists all DoS attacks in v23.0 fraglast : IPv4 packets last fragment without payload fragdontoff : IPv4 packets with non-zero fragment offset and don't
fragment bits set fragopt : IPv4 packets with non-zero fragment offset and IP options fragoff : IPv4 packets with small non-zero fragment offset
fragoversize: IPv4 packets with non-zero fragment offset andoversize payload
tcplen : TCP packets with bad TCP header length tcpportzero : TCP packets with source or destination port is zero tcpreserved : TCP packets with TCP reserved bit is set finscan : TCP packets with only FIN bit is set
vecnascan : TCP packets with only URG or PUSH or URG|FIN orPSH|FIN or URG|PSH bits are set
synfinscan : TCP packets with SYN and FIN bits are set
8/12/2019 AOS V23.0 Beta Training
19/57
PG 19 NORTEL NETWORKS CONFIDENTIAL
Expanded DoS Attack Protection - 3
> The following lists all DoS attacks in v23.0 tcplen : TCP packets with bad TCP header length tcpportzero : TCP packets with source or destination port is zero tcpreserved : TCP packets with TCP reserved bit is set finscan : TCP packets with only FIN bit is set vecnascan : TCP packets with only URG or PUSH or URG|FIN or
PSH|FIN or URG|PSH bits are set synfinscan : TCP packets with SYN and FIN bits are set flagabnormal: TCP packets with abnormal control bits combination syndata : TCP packets with SYN bit set and with payload synfrag : TCP packets with SYN bit is set and more fragments bit is
set
ftpport : TCP packets with SPORT=20, DPORT
8/12/2019 AOS V23.0 Beta Training
20/57
8/12/2019 AOS V23.0 Beta Training
21/57
8/12/2019 AOS V23.0 Beta Training
22/57
PG 22 NORTEL NETWORKS CONFIDENTIAL
DoS Attack Protection
Configuration - 1
/cfg/sec/dos
[DoS Attack Prevention Menu]ipttl - Set the smallest allowable IP ttl for ipttlIpprot - Set the highest allowable IP protocol for ipprotfragdata - Set the smallest allowable IP fragment payload for fragdatafragoff - Set the smallest allowable IP fragment offset for fragoffsyndata - Set the largest allowable TCP SYN payload for syndataIcmpdata - Set the largest allowable ICMP payload for icmpdatahelp - DoS attack prevention descriptioncur - Display current DoS attack prevention
/cfg/sec/dos/curCurrent DoS attack prevention settings: ipttl 1, ipprot 137, fragdata 32,
fragoff 4, syndata 0, icmpdata 800
8/12/2019 AOS V23.0 Beta Training
23/57
PG 23 NORTEL NETWORKS CONFIDENTIAL
DoS Attack Protection
Configuration - 2
/cfg/sec/port
[Port Menu]add - Add DoS attack to preventionaadd - Add all protocol anomaly/DoS attack to preventionrem - Remove DoS attack from prevention
arem - Remove all protocol anomaly/DoS attack from preventionhelp - DoS attack prevention description
8/12/2019 AOS V23.0 Beta Training
24/57
PG 24 NORTEL NETWORKS CONFIDENTIAL
Nortel TPS Enforcement Point -1
Client Network Server Farm / Data Center POE / WI-LAN
Nortel TPS
Nortel ApplicationSwitch
Nortel TPS
Nortel DefenseCenter
Enforcement Instructions
Event Monitoring
Event Monitoring
Event Analysis
Out of path
monitoring with in
path enforcement
Terminate existing
sessions and stop
new sessions
Retrieve
instructions from
events learned
elsewhere
8/12/2019 AOS V23.0 Beta Training
25/57
PG 25 NORTEL NETWORKS CONFIDENTIAL
Nortel TPS Enforcement Point -2
> Nortel TPS Enforcement Point Dynamically add/remove filters/ACLs Syslog captures addition/deletion of filters/ACLs
Manually set filters/ACLs
ACLs can be issued to
block source IP block destination IP
block source network
block destination network
delete session
8/12/2019 AOS V23.0 Beta Training
26/57
PG 26 NORTEL NETWORKS CONFIDENTIAL
Enhanced ITM-1
> Symantec First Attack Protection (Maintenance Release) Integrate Symantec IPS Engine
> Multi-packet Inspection Permit the chaining of pattern groups
Match multiple patterns across multiple IPv4 packets
Configure multi-packet inspection/cfg/slb/filt /adv/sec/parsechn
> Socket Based BWM Statistics Transfer Change BWM statistics transfer from SMTP to Socket Based
User configurabledefault SMTP
Configure socket based stats/cfg/bwm/email disable
/cfg/bwm/report
report - Set IP address of Reporting server
8/12/2019 AOS V23.0 Beta Training
27/57
PG 27 NORTEL NETWORKS CONFIDENTIAL
Enhanced ITM -2
> Packet Counters Extend current stats to maintain BWM statistics for packet count per
contract
Permits the calculation of avg packet size
> Contract Based Mirroring
Available in maintenance mode Used to isolate traffic for troubleshooting / analysis
Configure
/cfg/bwm/cont x
pmirr - Set monitoring port for packet mirroring
> Bogon Filtering
8/12/2019 AOS V23.0 Beta Training
28/57
PG 28 NORTEL NETWORKS CONFIDENTIAL
Automated BOGON Support
BOGONs (Bogus
Networks) are
unassigned IP
Address Ranges
BOGONs should
NEVER be seen
entering or exiting
your network
BOGON ranges are
commonly used to
spoof IPv4 packets
for large-scale
attacks
Not efficient to
manage 8k+ ever
changing filters
UNTIL NOW!
8/12/2019 AOS V23.0 Beta Training
29/57
PG 29 NORTEL NETWORKS CONFIDENTIAL
Content Switching Enhancements -1
> Stateful Failover Supports session failover on service basis
Services supported are SIP, FTP & NAT filters
Uses proprietary protocolNAAP
Configure stateful failover/cfg/slb/port /intersw
/cfg/slb/virt /service
mirrorenable/disable session mirroring
/cfg/slb/filt x/adv/mirror
Statistics/stats/slb/mirror
8/12/2019 AOS V23.0 Beta Training
30/57
8/12/2019 AOS V23.0 Beta Training
31/57
PG 31 NORTEL NETWORKS CONFIDENTIAL
Content Switching Enhancements - 3
> VPNLB Persistence
Glue the IPSEC connection to the existing IKE connection Required when VPN link flaps because hash will send IPSEC
connection back to original server but IKE connection iselsewhere
8/12/2019 AOS V23.0 Beta Training
32/57
PG 32 NORTEL NETWORKS CONFIDENTIAL
Content Switching Enhancements - 4
> Buddy Server Health Check
Ability to tie the load balanced servers health to a non load-balanced server
Real Server is only marked up when buddy server is availablebuddy server may use different health check
NOT same us buddy groupsthis marks individual server and not
server group Configuration
/cfg/slb/real /adv/buddyhc
[Buddy Server health check Menu]
addbds - Add Buddy serverdelbds - Delete Buddy server
cur - Display current buddy server configuration
8/12/2019 AOS V23.0 Beta Training
33/57
PG 33 NORTEL NETWORKS CONFIDENTIAL
Content Switching Enhancements - 5
> Backup Only Server
Support for Server as Backup ONLY (not overflow)Allows operator to impose maximum session capacity (paid
services) and still provide for resiliency
Configure backup only server/cfg/slb/real
[Real Server Menu]
OverfloEnable/disable backup on overflow
> Configurable Session Timeout per Service Provide different session timeout values on a per service basis
Custom timeout values per service, only available for filters now
Configure timeout per service/cfg/slb/virt /service 80
[Virtual Server http Service Menu]
TmoutSet minutes inactive connection remains open
8/12/2019 AOS V23.0 Beta Training
34/57
PG 34 NORTEL NETWORKS CONFIDENTIAL
Content Switching Enhancements - 6
> Send Resets when Switch DENYs a TCP Packet Switch sends RST instead of waiting for server to timeout
Alternative server needs to time out the connections
> Configurable RTSP Control PortAllow the operator to specify the RTSP control port
Currently fixed to 554
Configure RTSP control port/cfg/slb/virt service 100/rtsp
[RTSP Load Balancing Menu]
rtspslbSet RTSP URL Load balancing type
> Proxy Support Insert Cookie Mode Insert Cookie mode when operating in a proxied environment
8/12/2019 AOS V23.0 Beta Training
35/57
PG 35 NORTEL NETWORKS CONFIDENTIAL
Alteon OS 23.0 Major Features
> Customized Application Delivery
> Converged Network Intelligence
> Secure Switching
> Networks Standards
> Management Improvements
Creating a resi l ient netwo rk that in tel ligently,
accelerates and secures converged app l icat ions in a
global enterpr ise
8/12/2019 AOS V23.0 Beta Training
36/57
PG 36 NORTEL NETWORKS CONFIDENTIAL
Network Standards
>V23.0 provides support for the followingstandards
Phase 1 IPv6
XML Configuration API
Hosted Overlap NAT Support
RIPv2
802.1s and 802.1w
8/12/2019 AOS V23.0 Beta Training
37/57
PG 37 NORTEL NETWORKS CONFIDENTIAL
Phase 1 IPv6 -1
Includes IPv6 GW, Static Route, VIP, Filter (allow | deny),
Management Port = IPv4 Configure IPv6
/cfg/l3/ip/if
[IP Interface Menu]
ipver - Set IP version
mask - Set subnet mask/prefix length
>> IP Interface # ipver
Current ip version: v4
Enter ip version: v6
>> IP Interface # maskCurrent Prefix length: 0
Pending new Prefix length: 64
Enter new Prefix length [1-128]: 64
8/12/2019 AOS V23.0 Beta Training
38/57
8/12/2019 AOS V23.0 Beta Training
39/57
PG 39 NORTEL NETWORKS CONFIDENTIAL
IPv6 - 3
Filter Configuration>> Main# /cfg/slb/filt
[Filter Menu]
ipver - Set IP version
New commandPing 6 to ping ipv6 address
Statistics
/stats/l3/ipv6
8/12/2019 AOS V23.0 Beta Training
40/57
PG 40 NORTEL NETWORKS CONFIDENTIAL
IPv6 - 4
Information>> IP# /info/l3/
[Layer 3 Menu]
route6 - IPv6 Routing Information Menu
nbrcache - IPv6 Neighbor Cache Information Menu
>> Layer 3# route6
[IPv6 Routing Menu]
dump - Show all routes
>> IPv6 Address Resolution Protocol# /i/l3/nbrcache
[IPv6 Address Resolution Protocol Menu]
dump - Show all IP6 neighbor cache entries
8/12/2019 AOS V23.0 Beta Training
41/57
PG 41 NORTEL NETWORKS CONFIDENTIAL
IPv6 - 5
Information continued>> Server Load Balancing Information# /info/slb/sess
[Session Table Information Menu]cip6 - Show all session entries with source IP6 addressdip6 - Show all session entries with destination IP6 addressdump - Show all session entries
>> Session Table Informationdump 4dump 6
dump (dump ip4 and ip6 sessions)
8/12/2019 AOS V23.0 Beta Training
42/57
PG 42 NORTEL NETWORKS CONFIDENTIAL
XML Configuration API
Provides common API to manage switch
Removes requirement to constantly develop unique APIs
Maps all configuration CLI commands to XMLcommands
Secured transport
Configure XML API
/cfg/sys/access/xmlxml - Enable/disable XML config access
port - Set XML server port number
gtcert - Import XML client certificate
delcert - Delete XML client certificate
dispcert - Display XML client certificatecur - Display current XML config access configuration
8/12/2019 AOS V23.0 Beta Training
43/57
PG 43 NORTEL NETWORKS CONFIDENTIAL
Hosted Overlap NAT
Support the NAT of overlapping client IP addresses with unique
VLANs
Return traffic returned to original client VLAN
Configuration
/cfg/slb/adv
pvlantagEnable/disable preserving vlan tag during packet forwarding
8/12/2019 AOS V23.0 Beta Training
44/57
PG 44 NORTEL NETWORKS CONFIDENTIAL
Alteon OS 23.0 Major Features
> Customized Application Delivery
> Converged Network Intelligence
> Secure Switching
> Networks and Standards
> Management Improvements
Creating a resi l ient netwo rk that in tel ligently,
accelerates and secures converged app l icat ions in a
global enterpr ise
8/12/2019 AOS V23.0 Beta Training
45/57
PG 45 NORTEL NETWORKS CONFIDENTIAL
Management Enhancements
> FTP Transfer Support
Support FTP as transfer alternative to TFTP Supported over data and/or management port
image, config, tsdump and panic dumps upload and download
Hostname, filename, user and password are requested
> Configuration Ranges Permit configuration using ranges for ports, trunks, real servers
and filters
Ex. /cfg/po 1-10/pvid 5sets ports 1 through 10 to defaultVLANID 5
> Comprehensive Boot Logging Logs S/W version, boot code, firmware during boot process
8/12/2019 AOS V23.0 Beta Training
46/57
PG 46 NORTEL NETWORKS CONFIDENTIAL
Management Enhancements
> Port Aliasing Reference port by name rather than number
> Query Encryption License/ Switch serial number Obtain encryption licenses or serial number of switch
CLI and SNMP
> Delete Specified Session EntryAllow operator to delete a specific session entry without clearing
entire session table
8/12/2019 AOS V23.0 Beta Training
47/57
PG 47 NORTEL NETWORKS CONFIDENTIAL
EMS Enhancements
> Job Scheduler Handles scheduling jobs by users
Supported jobs include ITM signature update, Bogon File Update,TSDMP,CFG dump etc.
> SLB Wizard
Intended for first time or novice users Intuitive and Easy to use
> New EMS server ClientServer architecture
Entirely rewritten in Java
Handles multiple switches Centralized MySQL Database
Jetty Webserver
8/12/2019 AOS V23.0 Beta Training
48/57
PG 48 NORTEL NETWORKS CONFIDENTIAL
ASEM Server Architecture
8/12/2019 AOS V23.0 Beta Training
49/57
PG 49 NORTEL NETWORKS CONFIDENTIAL
Backup Slides
8/12/2019 AOS V23.0 Beta Training
50/57
PG 50 NORTEL NETWORKS CONFIDENTIAL
RIPv2 -1
Implement Routing Information Protocol version 2 RFC2453
RIPv2 Password per RIP Interface Add RIP password name to support the multiple RIPv2 interfaces
Variable length subnet mask in updates
Next hop router address
Configure RIPv2
/cfg/l3/rip
[Routing Information Protocol Menu]
if - RIP Interface menu
update - Set update period in seconds
on - Globally turn RIP ON
off - Globally turn RIP OFF
current - Display current RIP configuration
8/12/2019 AOS V23.0 Beta Training
51/57
PG 51 NORTEL NETWORKS CONFIDENTIAL
RIPv2 -2
>> Routing Information Protocol# if 12
[RIP Interface 12 Menu]
version - Set RIP version
supply - Enable/disable supplying route updates
listen - Enable/disable listening to route updates
default - Set default route actionpoison - Enable/disable poisoned reverse
trigg - Enable/disable triggered updates
Mcast - Enable/disable multicast updates
metric - Set metric
auth - Set authentication type
key - Set authentication keycurrent - Display current RIP interface configuration
8/12/2019 AOS V23.0 Beta Training
52/57
PG 52 NORTEL NETWORKS CONFIDENTIAL
RSTP & MSTP Support -1
> Rapid Spanning Tree (RSTP) Evolution of 802.1d Supports only single Spanning tree
Faster convergence times
3 operational states Discarding
Learning
Forwarding
> Multiple Spanning Tree (MSTP) Extension of RSTP to Multiple Spanning Trees
Backward compatible with 802.1d and 802.1wAssociates group of vlans to a single spanning tree instance
Load balancing
Multiple forwarding paths
16 instances and one CIST
8/12/2019 AOS V23.0 Beta Training
53/57
PG 53 NORTEL NETWORKS CONFIDENTIAL
RSTP & MSTP -2
Configure RSTP & MSTP
Main# /cfg/l2/
[Layer 2 Menu]
mrst - Multiple Spanning Tree/Rapid Spanning Tree Menu
cist - Common and Internal Spanning Tree menu
name - Set MST region nameversion - Set Version of this MST region
maxhop - Set Maximum Hop Count for MST (6 - 40)
mode - Spanning Tree Mode
on - Globally turn Multiple Spanning Tree (MSTP/RSTP) ON
off - Globally turn Multiple Spanning Tree (MSTP/RSTP) OFFcur - Display current MST parameters
D li i R ili t S V IP
8/12/2019 AOS V23.0 Beta Training
54/57
PG 54 NORTEL NETWORKS CONFIDENTIAL
Delivering Resilient Secure VoIP
Customer Challenges
> VoIP networks require 5 x 9suptime
> SIP Proxy server is the brain ofIP Telephony networks
REGISTER and
INVITE John INVITE John
SIP Call Server Clusters
SIP 200/OK
SIP 200/OK
Application Switch
Solution provides resiliency,with security
Maintains performance with SIP Proxy
application level Health checking
Offloads Proxys response to SIP clienthealth/info checks
Ensures persistence based on the SIP
protocol call ID
Secures Proxy with wire speed NAT and
DoS filtering to ensure minimum latency in
IP Telephony networks
Secures Traffic with SSL Acceleration
8/12/2019 AOS V23.0 Beta Training
55/57
8/12/2019 AOS V23.0 Beta Training
56/57
PG 56 NORTEL NETWORKS CONFIDENTIAL
Layered Security
ScanSynFin DoS Attack
Anti-Spoofing
Worms, Viruses, Trojans
Peer-to-Peer
Instant Messaging, Internet Radio
VoIP uaranteedimited
Nortel Internal
POR / Roadmap
ONLY
Under Strict NDA
8/12/2019 AOS V23.0 Beta Training
57/57
Nortel Application Switch Roadmap
> Resilient VoIP> Secure Switching
Connection Management Offload certain functions to specialized hardware Server Cloaking
XML acceleration> Guaranteed Application Delivery
Retry until response is obtained Inform operator before end users
Protocol Optimizations
Asymmetric Compression for any protocol Object caching
Creating a resi l ient netwo rk that intel l igently, accelerates and
secures converged appl icat ions in a global enterpr ise