First, the high stability, is flexible long-distance turns onthe case
The tradition turns on the way the limitation
This case is the domestic some airline's network way. In thepast, in order to solve the unit either the enterprise interior staffin the far-end visit unit or enterprise's network resources, theinformation department needs to apply for the telephone line whichturned on, when the user were many, for the convenience user's usealso needs to apply for the relaying telephone line; Needs thetelephone signal which Modem Pool will simulate to transform the data;Needs the digit dialing visit server, transforms again the IP datapacket the serial data which in the network transmits. Visits theserver the quality directly to affect to turns on the service thequality. Because the most units and the enterprise turn on the scalenamely to turn on the user quantity and telecommunication operationbusiness compares extremely is all small. Selects Modem Pool, visitsthe server the quality to receive the very big limit. Simultaneouslythe most units and the enterprise all with difficulty look like thetelecommunication operation business equally to be allowed to turn onthe equipment for these networks to provide the extremely idealworking conditions. Therefore, the most units and enterprise's gradeof service lacks the economy, the effective means safeguards.
VPN long-distance turns on the way
VPN long-distance turned on way thorough settlement above allquestions, was the IT superintendent provides the brand-new way, forlong-distance turned on the user to provide, the stable service highspeed. (Like on chart shows) under this way, no matter the user usesthe technology which what kind turns on, (the PSTN digit dialingmeets, ADSL turns on, ethernet turns on, line cable modem) so long ascarries out VPN customer end software in on the long-distance user'scomputer, turns on the equipment through central VPN theauthentication, establishes a IP tunnel, may high speed, the stablevisit center network resources.
At the same time, through the choice suitable IP tunnel agreement (forexample IPsec, PPTP, L2TP, L2F and so on), may the effective safeguarduser's data in the public IP network (for example Internet) thetransmission is safe reliable. And through choice suitableverification way, but also may further guarantee the data theintegrity, namely the guarantee data transmits in the network, cannotby the person tamper with.
VPN long-distance turns on customer group
VPN long-distance turns on the way most to be suitable for thecompany interior frequently has the mobile personnel long-distancework the situation. Travels on official business the staff the VPNservice which provides using local ISP, may with company's VPN gatewayestablishment private tunnel connection.
Mainly has several kind of users specially to suit uses VPN:
To moves the work to have the request the user. Nortel allfrequent must with the company networking, visits the data material.
User/stand distributed scope broad, between each other distance isfar, proliferates global each place, must through thetele-communication, even international long-distance method relationuser;
To line secrecy and usability request quite high user.
Long-distance turns on the case the superiority
Simplification network. The reduction uses in modem and theterminal service equipment fund and the expense which is connected;
Invests few. Only needs to invest a VPN gateway equipment, may solveturns on the question several dozens to several thousand people;
Province expense. Realizes the function which the local digit dialingturns on to substitute for the long-distance range to turn on or 800telephones turns on, like this can remarkably reduce the two-waycommunication the expense;
The use scope is broad. Many wide bands user's address was the privateaddress, Contivty very good solution this question, moreover was theautomatic detection.
Enormous may the extension, easily carries on the management to thenew user;
Supports the many kinds of standards authentication mechanism, likeLDAP, RADIUS. Carries on to the user based on the strategy safe visitand the resource management;
Diverse turns on the way. Which one kind regardless of the user doesuse to turn on the way, so long as may visit the Internet, mayestablish the VPN connection, may visit from Internet any place to theoneself company interior resources.
May greatly be possible to be small, free choice. Regardless of thecompany size, Contivity all has the product which corresponds, from 5users to 5,000 users.
Regarding turns on user extremely many companies and the unit,Contivity is Gao Ke which the support long-distance turns on uses thepattern, the safeguard user service continuity.
Just because VPN turns on the way to be able to give the mobilesubscriber to bring many advantage, simultaneously moves the work moreand more to become the working pattern which the people hoped. VPNturned on overseas in already becomes each company not to be able toleave turns on the way, enormously has facilitated staff's networkingrequest. Should arise suddenly the event in particular to some,reduced the response and the processing time.
Second, Nortel small and medium-sized enterprise network case
Case simple description
This case is the domestic some advertisement company's networkcase. In this case, the hub uses the DDN special line to turn on theinternet, the center disposes contivity2700 to take the hub equipment,on the equipment starts the firewall and the high-quality dynamicroute function. The branch office basis different network situationand the network demand dispose Contivity 1100, Contivity 600 andContivity 1,700. The branch office uses turns on the way to be allowedto be the present extremely universal ADSL way turns on the way alsoto be allowed to be a way which the DDN special line turns on. ThePPPoE customer end supports which through Contivity itself maydirectly link receives on ADSL Modem the local area network port. Allequipment because are directly connected with the Internet, all thecondition examination firewall which sets at Contivity in opens, theprotection device and internal network exempt is come from theInternet attack.
Mobile subscriber's turning on
The mobile subscriber may use each kind to turn on the way toturn on the Internet, through VPN customer end software, mayfacilitate and the center network equipment establishment encryptionVPN tunnel, visits internal network the resources, simultaneouslyretransmits through the central equipment may visit each branch officethe network resources.
Internet visit
All internal network users all may in the visit interiornetwork simultaneously the visit Internet, specifically realize theway to be allowed to have two kinds, one kind is the complete networkuser visit internet all carries on through the hub equipmentretransmits, receives on the central equipment the firewall protectionand the control, this way may visit the Internet to the internalnetwork the information to carry on the centralism the managementcontrol; Another method directly carries on the visit through eachbranch office's equipment, directly manages the strategy decisionsafety control by in each branch office's Contivity firewall.
This plan aims at customer group
This network way
VPN long-distance turns on the way most to be suitable for thecompany interior frequently has the mobile personnel long-distancework the situation. Travels on official business the staff the VPNservice which provides using local ISP, may with company's VPN gatewayestablishment private tunnel connection.
This plan characteristic
Simplification network design
The user may use the VPN technology substitution tradition torent the line to realize branch office's connection. This may carry onto the toll line the installment, the disposition and the managementduty reduces to is smallest, only this may enormously simplifyenterprise WAN the design. Moreover, VPN visits through the digitdialing from to ISP or the NSP outside service, reduced the modempond, simplified the connection which needs, simultaneously simplifiedwith the long-distance user authentication, the authorization andrecords the account correlation the equipment and processing.
Reduces the cost
VPN may moreover remarkably reduce the network maintenance andthe use cost immediately. When uses Internet, in fact only must payeach minute 2 cent money to access the net the line to take theexpense, but is not each minute 0.11 Yuan telephone conversationexpense, moreover regarding the user which travels on officialbusiness, may omit the long-distance speech expense. Therefore,establishes VPN with the aid of ISP, may enormous save thecorrespondence expense. In addition, VPN also causes the enterprisenot to need to invest the massive manpower and the physical resourceinstalls and maintains the WAN equipment and the long-distance accessequipment, these work all may give ISP. But regarding branch office'sturning on, ADSL turned on the way and the traditional special lineway has saved many expenses. The most places, the ADSL commercialpackage of monthly allowance only then 800 Yuan/months, some placesare even lower.
The network has the high security
The network security regarding the present enterprisenetworking is extremely important. VPN has the many kinds of ways tosafeguard the user network the security. First is through the manykinds of securities authentication and the password, guaranteed onlyhas the legitimate user and the legitimate branch office only then mayturn on; Each kind of agreement and encryption method integrates whichthrough the VPN technology in, guaranteed data transmits when theInternet, cannot steal and the revision; Again has is in each VPNequipment when connects the Internet, all certainly turns on thefirewall the function, is completely most greatly possible to protectthe internal the security.
Expands easily
Regarding user which long-distance turns on so long as mayvisit the Internet, may in long-distance turn on in the company. Whenneeds to increase the branch office, also extremely simple: Increasesa Contivity equipment, applies for ADSL in the locality. So long asADSL has put through, only needs through Contivity based on the Webcontrol interface, makes the simple establishment to be allowed tobuild the headquarters the special net connection.
The network has the high reliability
Because establishes the encryption on the Internet the tunnelis the logical production. Like this we may in a physical connection,establish the multi- strip logic the encryption tunnel to network inother all pitch points. Forms in physics is the star type networkarchitecture, in the logic is the most reliable entire networkstructure. Any pitch point breaks down, all cannot affect other pitchpoints.
As for the enterprise that, VPN has safely provided safely, thereliable Internet visit channel, further developed for the enterprisehas provided the reliable technical support. Moreover VPN can providethe owner-use circuit type service, is the convenience quickenterprise private network. The enterprise even may not need toestablish own WAN maintenance system, but hands over this arduous dutyby specialized ISP completes.
Third, redundant reliable large-scale network case
Case simple description
The large-scale unit and the enterprise are extremely high tothe network reliable request. Because turns on the branch office aswell as turns on the long-distance mobile subscriber's quantity areextremely many, the network service cannot sever. In the networkdesign and the implementation, must take some pointed measures in viewof these situations. This case takes from the overseas some majorindustries, like Prudential Financial and so on, left out each companyunique some contents, the simplification reorganized.
In this case, the hub uses two DDN special line to turn on theinternet, two lines mutually are the backups, prevents because of thehub line fault influence entire network movement. The center disposestwo Contivity4600 to take the hub equipment, separately turns on theinternet through the DDN special line, on the equipment starts thefirewall and the high-quality dynamic route function. Two equipmentmutually are the backups, solves the equipment simple point breakdown.(Certainly, the central two equipment not necessarily must be the samemodels. Also may be Contivity 4,600, another is Contivity 1,700, evenmay be Contivity 1,010.)
Two Contivity 4,600 interior networks connection begins using the VRRProute technology, regarding internal network said is equal to anequipment, the equipment failure automatic cut over, regardinginternal net user is transparent. Said regarding exterior networkmobile subscriber that, two equipment respectively are theActive-Active patterns, regarding also the customer end istransparent; As for the branch office may through the dispositiondynamic route agreement way, realize to two equipment automaticbackups and the breakdown restoration.
Branch office's turning on with formerly introduction not very specialdifference. Only is each branch office equipment all must separatelywith two central equipment establishment logic VPN tunnel, throughdynamic route agreement (SRT technology) automatic selection way.Simultaneously also may realize the current capacity load equalizationon the central two links.
All equipment disposition firewall, the protection device and internalnetwork exempt is attacked, simultaneously may conveniently controlthe single network user the visit jurisdiction.
Main reliability design and technology
Contivity unique Active-Active working pattern
Between central two Contivity through the exchange information,keeps abreast of opposite party load situation. The request may carryon the dynamic adjustment visit to the far-end. If appears thebreakdown, the customer end can automatic reland to another Contivityon.
Contivity 4,600 entire redundancies designs
Contivity 4,600 is specially designs for the redundant reliableapplication environment under. This equipment CPU, the hard disk, thepower source all is the redundancy design, moreover also is equippedwith the sensitive temperature sensor. The equipment workingcondition, reported as necessary gives the network management system.
Contivity SRT technology
Moves the dynamic route agreement on the safe IPsec tunnel is anot easy matter. This is as a result of the IPsec this at presentsecurity highest agreement treating processes, far must be morecomplex than the ordinary TCP/IP agreement. But north Nortel thevery good solution this technology difficult problem, and proposed thesecurity route technology. This is SRT.
The double link turns on
Two links turn on the solution last the kilometer question.Avoids appearing because constructs or the municipal administrationconstruction, accidental creates the headquarters the networkbreakdown.
ECMP technology
North Nortel in SRT foundation, but also further hassupported the current capacity balanced technology which multichannelpasses through.
Fail-Over option
Regarding long-distance user's turning on, Contivity maydispose many Fail-Over in its oneself Contivity to tabulate. Whenappears the breakdown, long-distance turns on the customer end can beautomatic Contivity which seeks in tabulating may connect.
VRRP technology
The realization lacks the province gateway the redundantbackup.
This plan aims at customer group
Turns on the user to be extremely many
Turns on the branch office are extremely many
The network service cannot sever
Reliable request extremely high major industry and unit.
This plan characteristic 920-164 920-166 920-167
The center uses Nortel , mutually is the backup, enhancesthe reliability.
The center disposes two equipment, mutually is the backup, thesolution simple point breakdown.
The entire network begins using the dynamic route (for example OSPF),automatic selection optimal path. Appears the breakdown to have from.
Fourth, the traditional special line and the Internet mutually are thebackup large-scale security enterprise network case
Case simple description
In this case, the hub not only uses two DDN special line toturn on the internet, moreover also connects frame relaying perhapsthe DDN tradition through Contivity is specially on-line. Central twoContivity puts behind the headquarters two firewalls. Two equipmentmutually are the backups, solves the equipment simple point breakdown.
With front different is, certain branch office equipment not only withInternet connected, moreover passes another special line and theheadquarters is connected; Certain branch offices even directly onlywith special line connection.
In the network supports the application not merely is the data visit.The user also may through computer on software, make the phone call inthe network, true realization migration work. Not only may visit thecompany interior as necessary the data, moreover also may move tooneself in company's extension telephone each scene, may as necessarythe work.
Main consideration
Internet safe access control
Has the strict control regarding the major industry regardingthe Internet visit. Although establishes VPN through the Internet toconnect the headquarters one by one the branch office to be alloweddirectly to visit the Internet, but this way is disadvantageous to theentire enterprise network system secure continuously. Therefore, allvisits Internet current capacity all certainly must compileheadquarters. Carries on the safe access control in the headquartersby the special firewall.
To voice and so on real-time application support
The motion work demand unceasing growth, the real-timeapplication unceasing increase, transmits a higher request to thenetwork which the platform also proposed. May realize the many kindsof effective services quality safeguard mechanism on Contivity, causesthe many kinds of real-time applications to be allowed the normalwork.
Link redundant backup
The traditional special line merit is serves the quality tohave the strict safeguard. The Internet wide band merit is the bandwidth resources is rich, moreover on between Internet each pitch pointall is the netted connection, the connection reliability has thesafeguard. Contivity may effectively help the user to balance two kindof links the resources, delivers the general data current capacity theInternet on the VPN channel, but will deliver on the traditionalspecial line to the time delay sensitive current capacity.
This plan aims at customer group
Turns on the user to be extremely many
Turns on the branch office are extremely many
The network service cannot sever
Support many kinds of different types network application
Reliable request extremely high major industry and unit.
This plan characteristic
Center common control visit to Internet.
The center uses Nortel , mutually is the backup, enhances thereliability.
The Internet line and the traditional special line coexist, balancestwo kind of technical the good and bad points. Found a balance pointin the cost and between the network service quality.
The center disposes two equipment, mutually is the backup.
The entire network begins using the dynamic route (for example OSPF),automatic selection optimal path. Appears the breakdown to have from.
Fifth, north Nortel IP VPN product characteristic
Summarizes above several typical Contivity the IP servicegateway case, north Nortel below IP the VPN product has thecharacteristic:
Based on standard tunnel technology
To IPsec, L2TP, PPTP and the L2F standard tunnel agreementsupport, provides with the massive multi- merchants VPN software andhardware is mutually operational.
Encryption
Supports DES, 3DES and the advanced encryption standard (AES),provides the biggest end-to-end security for the transmission data.
Authentication
To RADIUS, LDAP, SecureID and the X.509 numeral certificate aswell as makes the sign card and the smart card support, provides thefield most widespread authentication option. The enterprise may usethem to have based on the table of contents service, regardless of isNovell NDS, Microsoft moves the table of contents, or designs themfrom already safe authentication mechanism.
Comprehensive VPN client support
Contivity is suitable to MS the Windows system (includesWindows95, 98, 2,000, NT, Millennium and XP) VPN client software freeaccompanies each Contivity equipment to provide. Contivity the VPNclient similarly may be used in UNIX and under the Macintosh operatingsystem. In addition, may support through the third party IPsec clientwireless and grasps the equipment the security to turn on.
Condition examination firewall
The Contivity condition examination firewall collection iseasy the contact surface and the function which uses rich filters therule to a body, provides the multiple defense line for enterprise'sprivate network. Uses the hacker attack protection which thewidespread record, the massive applications level gateway (ALG) and insets, Contivity may provide the line fast volume of goods handledsimultaneously the protection enterprise network and the data exemptsthe attack which has not been turned on the authorization. Contivitythe Stateful firewall can further with the VPN terminal and thenetwork address translation (NAT) the service union, in order to orthe non- tunnel connection transmission data nimbly applicationstrategy filters the function through the tunnel.
Security route service
Is sure Contivity based on the standard IP route industry tobe possible to integrate in the existing router network, or theindependent deployment constructs one kind of altitude redundancy inthe network and the highly nimble security network. Through to openingmost short-path first (OSPF), route information agreement (RIPv1 andv2) as well as hypothesized route redundant agreement (VRRP) thesupport, Contivity may dynamic choose the road for the currentcapacity to bypass the breakdown connection and the equipment,simultaneously in the coordinated good way implements the currentcapacity carries on the load to be balanced. These functions may or inthe non- tunnel connection realize in the tunnel. When tunnelretransmits through IP the VPN the IP service flows, the Contivitysecurity route technology (SRT) has avoided the complex seal agreementand the related expenses.
Band width management/grade of service
The formidable grade of service (QoS) the characteristiccauses the IP network which Contivity may realize highly optimizes.Through the high-level service, like DiffServ, RSVP and high-levelline up in formation the management. Contivity may guarantee the gradeof service, satisfies all essential duties data the demand. Contivitynot only may come through the IP current capacity type for the currentcapacity division priority, simultaneously may the user, the usergroup and the VPN tunnel divides the priority, may realize the fineQoS granularity control. Through the retention minimum guarantee bandwidth, Contivity guarantees in the multiuser environment retains theindividual user the band width.
LAN/WAN flexibility
Through to 10/,100 Mbps ethernet, frame relaying, PPP, T1CSU/DSU, HSSI, V.35, X.21 and the V.90 modem support, Contivityprovides the enormous layout flexibility in the enterprise network.May take through frame relaying, the digit dialing or rents the lineconnection main WAN and Internet turns on the equipment, as well asturns on the equipment through standard ethernet connection connectionexisting LAN/WAN or Internet. When the main WAN connection appears thebreakdown, digit dialing backup passable spare connection transmissioncurrent capacity.
Comprehensive management service
The rich integrated type management tool causes the enterpriseor the service supplier may with ease dispose and monitor theContivity equipment.
These management includes:
Disposition
With the aid of inserts type HTML the Web connection, northNortel orders the good connection (NNCLI) or independent Contivitydisposes the superintendent tool to be possible with ease to disposethe single Contivity equipment, or the batch establishes in alarge-scale network infrastructure many Contivity equipment.
Long-distance management option
May (NOC) realizes from the data central or the networkoperation center to the Contivity establishment.
Fast starts the tool
Applies the initial configuration flow to direct the non-technical user operation, eliminated the scene to install the demand.
Fault management
SNMP, warning monitoring device and historical breakdownbrowser - fast examination question.
Keeps accounts
The rich security and the system recording tool enable themanager to be allowed to track all business processing and the event.
Just because VPN can bring many advantage to the user, VPN developsexceptionally in the whole world prosperously, in North America andEurope, VPN already obtained the 920-164 920-166 920-167 quite universal application in eachcompany; In the Asian and Pacific area, in China, IP the VPNtechnology already rapidly is also accepted, the motion work alreadyturned one fashion the work way.
