RS 2100 Introduction

SoftwareOverview

2.3.4Layer-4 Switching

In addition to layer-2 bridging and layer-3 routing, the RS 2100 performs layer-4 switching. Layer-4 switching is based on applications and flows.

Layer-4 Applications – The RS 2100 understands the application for which an IP or IPX packet contains data and therefore enables you to manage and control traffic on an application basis. For IP traffic, the RS 2100 looks at the packet’s TCP or UDP port number to determine the application. For IPX packets, the RS 2100 looks at the destination socket to determine the application.

Layer-4 Flows – The RS 2100 can store layer-4 flows on each line card. A layer-4 flow consists of the source and destination addresses in the IP or IPX packet combined with the TCP or UDP source and destination port number (for IP) or the source and destination socket (for IPX). You can therefore manage and control individual flows between hosts on an individual application basis.

A single host can have many individual layer-4 entries in the RS 2100. For example, an IP host might have separate layer-4 application entries for email, FTP, HTTP, and so on, or separate layer-4 flow entries for specific email destinations and for specific FTP and Web connections.

2.3.5Security

The bridging, routing, and application (layer-2, layer-3, and layer-4) support described in previous sections enables you to implement security strategies that meet specific needs. For layer-2, a wide range of bridging filters are available. Additionally, all layers can be protected using Access Control Lists (ACLs) filters. You can implement the following types of filters and ACLs to secure traffic on the RS 2100:

Layer-2 source filters (block bridge traffic based on source MAC address)

Layer-2 destination filters (block bridge traffic based on destination MAC address)

Layer-2 flow filters (block bridge traffic based on specific source-destination pairs)

Layer-3 source ACLs (block IP or IPX traffic based on source IP or IPX address)

Layer-3 destination ACLs (block IP or IPX traffic based on destination IP or IPX address)

Layer-3 flow ACLs (block IP or IPX traffic based on specific source-destination address pairs)

Layer-4 flow ACLs (block traffic based on application flows)

Layer-4 application ACLs (block traffic based on UDP or TCP source and destination ports for IP or source and destination sockets for IPX)

In addition to filtering and ACL, the RS also provides login security in the form of TACACS, TACACS+, RADIUS. and Secure Session Shells (SSH) version 1.5.

2.3.6Quality of Service

Although the RS 2100 supplies non-blocking, wire-speed throughput, you can configure the RS 2100 to apply Quality of Service (QoS) policies during peak periods to guarantee service to specific hosts, applications, and flows (source-destination pairs). This is especially useful in networks where the traffic level can exceed the network capacity.

QoS policies can be configured for the following types of traffic:

Layer-2 prioritization (802.1p)

Layer-3 source-destination flows

Layer-4 source-destination flows

Riverstone Networks RS 2100 Switch Router Getting Started Guide 2-5

Page 27
Image 27
Riverstone Networks RS 2100 manual Layer-4 Switching, Security, Quality of Service

RS 2100 specifications

Riverstone Networks RS 2100 is a versatile networking solution tailored for service providers and enterprises. Designed to facilitate seamless data, voice, and video services, the RS 2100 presents a robust platform that integrates both hardware and software capabilities. This device stands out in the realm of advanced routing and switching technologies, offering extensive features that cater to a wide array of connectivity needs.

One of the key features of the RS 2100 is its ability to support high-speed interfaces. With multiple Gigabit Ethernet ports, the device ensures substantial bandwidth to handle growing data traffic demands. This makes it an excellent choice for organizations looking to future-proof their networks. Additionally, the RS 2100 supports aggregation of different types of traffic flows, allowing for efficient resource utilization and enhanced performance.

The RS 2100 also boasts advanced Quality of Service (QoS) capabilities, which are essential for prioritizing different types of traffic. This is particularly important for applications that require consistent performance, such as VoIP calls or video streaming. By enabling service providers to guarantee bandwidth for critical applications, the RS 2100 enhances user experience and customer satisfaction.

Security is another critical aspect of the RS 2100, featuring multiple layers of protection against various cyber threats. With support for robust firewall functionalities and various VPN protocols, the device ensures that sensitive data remains secure, thereby fortifying the network against potential attacks.

In terms of scalability, the RS 2100 is highly adaptable. Organizations can easily expand their network capabilities as demands grow, thanks to its flexible architecture. This scalability ensures that users can comfortably accommodate increasing user counts and traffic levels over time without necessitating significant infrastructure changes.

The RS 2100 also integrates seamlessly with existing IT infrastructures. Utilizing standard protocols and interfaces, it simplifies deployment and management processes, allowing organizations to easily incorporate it into their current systems. Overall, Riverstone Networks RS 2100 is a powerful and efficient networking solution, equipped with the features needed to support modern communication demands, ensuring reliability and performance across diverse applications. As businesses and service providers continue to evolve, the RS 2100 serves as a trusted partner in navigating the complexities of networking and connectivity.