Alcatel-Lucent 780 manual TE CHN I CAL Specificat Ions

The Omni Access 780 USG offe rs superior high availabil ity for a region al or branch site, along with comprehensive remote management by leveraging a highly modular system design and innovative management architect ure. The OmniAcc ess 780 USG also integrates critical security featu res such as firewall, denial of service (DoS) protection, application level gateways, intrusion detecti on and preven tion, and IPSec virtual priva te networ k (VPN), onto one unified platform .

With a separate management plane, dedicated management processors, and multiple access mechanisms to reac h the syste m, Alcatel -Lucent's Lifeline man agem ent fra mew ork allows highly resilient remote system administration, independent of the st ate of the syst em . Al l ser vi ces provided by the OmniAccess 780 can be managed remotely,thereby eliminating the need for on-site intervention.

The Alcatel-Lucent ModuLive software platform pr ov ide s a ful ly mod ul ar, alwa ys liv e sof twa re ba se tha t

maximiz es system availa bility by enablin g in -service upgrades and configuration changes, and by ensuring that a fault in one service modul e has minimal or no impact on other serv ices . It also allows for online insertion and removal of line cards, obviat ing th e need fo r ne tw ork outages during hardware upgrades. As multiple services are added, scalability and per fo rm an ce ar e ma in ta in ed th ro ugh Alc atel -Lu ce nt's un iqu e OnePass approach, which performs common packet classification across multiple services.

Hardware

•Module slots: 6 interface slots

•Interface cards

¬8-port 10/100/1000 Mbps Ethernet

¬4-port T1/E1

¬4-port serial (V.35/X.21)

•Services engine (SE): 2-port 10/100/1000 Mbps Ethernet (built-in)

•Hot swappable line cards

•RAM (default/max) : 512 MB/1 GB

•FLASH memory: 512 MB

Routing

•Static routes

•RIP v1/v2 dynamic routing

•OSPF/BGP dynamic routing

•Multicast routing – PIM

•IGMP (v1, v2)

•GRE tunnels

•VRRP

•Policy-based routing

•Packet forward rate (64 byte pkts): 930 kpps *

•Forwarding performance: 2Gbps *

•Max. number of BGP peers: 200 **

•Max. number of VLANs: 4096 **

Firewall

•Stateful packet inspection and filtering (ACL)

•NAT (Source and Destination NAT)

•DoS and DDoS protection

•Protocol anomaly: IP,TCP, UDP

•ALGs: TFTP, FTP, NFS, DNS, RTSP, SIP, DHCP,

UA/NOE

•Common classification for all services

•Firewall performance: 2 Gbps *

•Concurrent sessions: 128,000 *

Quality of service

•L3/4 traffic policy definition

•Interface egress queues: 16 queues per interface

•Priority scheduling

•Weighted fair queuing

•Class-based queuing

•Hierarchical queuing: Up to 4 levels

•Ingress policing

•Egress shaping

•DSCP/TOS marking

•WRED

•DiffServ: RFC 3246, 2597, 2445

VPN (IPSec)

•Site-to-site VPN tunnels: Up to 1500 **

•Tunnel interfaces

•DES (56 bit), 3DES (168 bit), and AES (128, 192, 256 bit) encryptions

•MD-5 and SHA-1 authentication

•IKE with pre-shared key or PKI

•Perfect forward secrecy (DH groups): 1, 2, 5

•IPSec NAT traversal

•AES performance: 180 Mbps *

•Max. concurrent VPN tunnels: 1500 **

Intrusion detection/intrusion prevention

•Detection mode

•Prevention mode

•Automatic signature updates

•Group-based IDS/IPS: Priority/protocol/ intrusion type

WAN protocols

•PPP

•MLPPP

•Frame relay

•MLFR

•HDLC

•PAP/CHAP Authentication

LAN protocols

•STP

•Bridging

•IEEE 802.1Q VLANs

•Per-VLAN STP (PVST+)

•IRB (Integrated Routing and Bridging)

Network services

•DHCP relay/server

•DNS client

•TFTP server/client

•FTP client

•ssh server/client

•HTTP server

•Transparent Firewall

VoIP Support

•SIP / NOE ALGs

•Priority scheduling

•Dynamic Pinholing in Firewall

•DSCP classification and marking

•TFTP Server for booting IP phones

•DHCP options for phones provisioning