Allied Telesis' Layer 3 managed switch product offerings are broad and growing fast. The current switch products address today's heterogeneous networks - from the smallest small business network to large enterprise LANs - and facilitate their growth by offering numerous options.
This Full Layer 3 software upgrade for the Rapier switch family includes the IPv6, BGP4, and OSI IS-IS protocols.
SIF - Stateful Inspection Firewall
Allied Telesis' state-of-the-art Stateful Inspection Firewall delivers the highest level of security possible by providing full application-layer awareness without breaking the client/server model. Stateful Inspection extracts the state-related information required for security decisions from all application layers and maintains this information in dynamic state tables for evaluating subsequent connection attempts. It protects against a wide range of Denial of Service (DoS) attacks including Ping of Death, SYN/FIN flooding, Smurf attacks, port scans, fragment attacks and IP spoofing. E-mail alerts are automatically triggered when such attacks are detected. This provides a solution that is highly secure and offers maximum performance, scalability, and extensibility.
Application gateways - SMTP proxy, HTTP proxy
The mail proxy inspects SMTP sessions as they pass through the firewall. By accepting or rejecting sessions based on source and destination address rules, abuse of e-mail servers is limited. Typical forms of e-mail abuse include receipt of unwanted advertisements, spam, and unauthorized forwarding of mail.
The Web proxy inspects and filters outbound HTTP sessions as they pass through the firewall. The proxy can inspect URLs and restrict cookie activity.
Advanced Encryption Standard (AES) is an algorithm that replaces the Data Encryption Standard (DES) as the Federal Information Processing Standard for encrypting data. AES is different from DES and 3DES because it supports a longer key length and uses different routines to encrypt and decrypt data. Encryption algorithms with a long key length are more secure than those with a short key length.
The IEEE 802.1x standard manages port-based network access. It provides authentication to devices attached to a LAN port, by initiating a connection or preventing access from that port if authentication fails. Valuable for authenticating and controlling user traffic to a protected network, 802.1x is also effective for dynamically varying encryption keys. 802.1x attaches the Extensible Authentication Protocol (EAP) to both wired and wireless LAN media, and supports multiple authentication methods, such as token cards, Kerberos, one-time passwords, certificates, and public key authentication.
BGP-4 - Border Gateway Protocol version 4
BGP-4 is an external gateway protocol which allows two routers/switches in different routing domains, known as Autonomous Systems, to exchange routing information. This facilitates the forwarding of data across the border of the routing domains. BGP-4 allows routers/switches to learn multiple paths, choose the best path for routing information and install that path in the IP routing table.
WAN load balancer
The WAN load balancer enables the router to combine bandwidth from multiple WAN connections for increased throughput and redundancy. When a router simultaneously connects to multiple WANs, the WAN load balancer will distribute the traffic based on any one of a number of selectable balancing algorithms. A typical example would be a router that has two Internet connections, each exchanging data with remote sites via different Internet providers. In this case, an outage limited to one network will not result in a loss of connectivity to these sites.
QoS - Quality of Service
QoS intelligently manages network traffic to allow stable and predictable end-to-end network performance. Comprehensive, low-latency QoS features operating at wire-speed provide flow-based traffic management with full classification, prioritization, traffic shaping and min/max bandwidth profiles. AlliedWare's QoS features are ideal for service providers wanting to ensure maximum availability of premium voice, video, and data services, and at the same time manage customer service level agreements. For enterprise customers, QoS protects productivity by guaranteeing performance of business-critical applications including VoIP services, and helps to restore and maintain responsiveness of enterprise applications in the networked workplace.
IGMPv2 - Internet Group Management Protocol
IGMP is used between hosts and multicast routers and switches on a single physical network to establish hosts' membership in particular multicast groups. Multicast routers use this information, in conjunction with a multicast routing protocol, to support IP multicast forwarding across the Internet.
GUI and SSL - Graphical User Interface and Secure Sockets Layer
The GUI is a web-based management tool designed for intuitive, easy-to-use device configuration and monitoring. Its purpose is to make complicated tasks simpler and regularly performed tasks quicker. A GUI connection can be secured with the use of SSL. SSL is a security protocol that provides secure communication by allowing the client to verify the server's identity before either side sends any sensitive information. SSL encrypts data to prevent a third party from interfering with the message.
SSH - Secure Shell
Secure management is increasingly important in modern networks, as easy, effective device management and the need for security are two almost universal requirements. SSH is a secure Telnet-type access that provides strong authentication and secure communication over insecure channels. While Telnet sends commands over the network in plaintext, SSH sends them encrypted. With SSH, a client can safely log into another computer over a network, execute commands on a remote machine, or move files from one machine to another.
The Scripting facility allows sequences of commands to be stored in a script and replayed at any time so that switches can be easily and quickly configured. This is useful when developing a complex configuration, making the same configuration change to several different devices or security appliances, or introducing a configuration change that must occur at a particular time. Scripts can be activated from the command line, from a trigger, or when users log in.
A trigger sets off an ordered sequence of scripts and commands to be executed when a certain event occurs, providing a powerful mechanism for automating the execution of commands in response to certain events. For example, triggers can be configured to collect diagnostic information after a reboot. Each trigger may reference multiple scripts and any script can be used by any trigger.
Link aggregation (trunking) allows a number of individual switch ports to be combined, forming a single logical connection of higher bandwidth. This provides a higher performance link, and also provides redundancy for a more reliable and robust network.
VRRP - Virtual Router Redundancy Protocol
VRRP provides automatic backup in mission-critical environments. This feature enables multiple routers or switches to share a virtual IP address that serves as the default LAN gateway. Should the master fail, the other devices assume the virtual IP address. LAN devices can continue to be configured with a single default gateway address, and because VRRP is a standard Internet protocol, full interoperability with other VRRP-supported products is assured.
EPSR - Ethernet Protection Switched Rings
Ethernet Protection Switched Rings allow several switches to form a protected ring with sub-50ms failover. This feature is perfect for high performance at the core of enterprise or provider access networks.
MSTP - Multiple Spanning Tree Protocol
MSTP addresses the limitations in the existing spanning tree protocols, Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP). MSTP is similar to RSTP in that it provides loop resolution and rapid convergence. However, it also has the significant extra advantage of making it possible to have different forwarding paths for different multiple spanning tree instances. This enables load balancing of network traffic across redundant links.