Documente Academic
Documente Profesional
Documente Cultură
The advanced security capabilities of the Alcatel-Lucent Service Router (SR) IPSec-Integrated Service Adapter
(IPSec-ISA) provides comprehensive network-integrated Layer 3 IPSec virtual private network (VPN) deployment options, such as Remote Access Concentrator (RAC), site-to-site and network-to-network encrypted
IPSec security. Up to four IPSec-ISAs can be virtualized in a single Alcatel-Lucent 7750 SR chassis, enabling
up to 40 Gb/s of throughput with up to 64,000 concurrent IPSec VPN tunnels.
Features
Modular and highly scalable
The half-slot, hot-swappable IPSecISA is supported on the Input/Output
Module-2 (IOM-2), enabling rapid
service integration and service delivery.
This is especially useful where rack
space is at a premium. Up to four
IPSec-ISAs can be deployed in a single
chassis, along with any Media Dependent Adapter (MDA) or MDA-XP, and
on the same or multiple IOMs for
complete configuration flexibility.
Up to four 7750 SR IPSec-ISAs can be
deployed in the same 7750 SR chassis,
enabling service providers to scale VPN
service capacity as required. Each IPSecISA can support up to 16,000 concurrent sessions per adapter, and can
scale up to 64,000 concurrent sessions
when multiple adapters are deployed.
In addition, IPSec-ISA supports encryp
tion or decryption of both Layer 2 and
Layer 3 IPSec tunnel traffic at the rate
of 10 Gb/s per ISA, for a total per-
Advanced network-based
IPSec security
As a standards-based implementation,
the IPSec-ISA supports multivendor
interoperability for network devices,
end-node software and other VPN
systems. IPSec-ISA delivers a compre
hensive range of interoperable and
advanced VPN encryption and security
services. Key elements of the IPSecISAs advanced IPSec VPN services
include:
Network Address Translation
Traversal (NAT-T), including RFC
3947, RFC 3948
DES, 3DES, AES-128, AES-192 and
AES-256 encryption methods
HMAC-MD5 and HMAC-SHA1
authentication and hashing methods
Diffie-Hellman key generation
algorithms
Pre-shared keys and Internet Key
Exchange (IKE) shared secret with
Perfect Forward Secrecy (PFS) key
management authentication methods
Integrated resiliency
In addition to leveraging all of the
High Availability mechanisms from the
7750 SR, redundant IPSec-ISAs can be
configured in the 7750 SR chassis. In
addition, primary and standby IPSecISA designations can be defined, enabling
an IPSec-ISA to provide resiliency
protection for all concurrent sessions
across up to four primary IPSec-ISAs.
Upon failure of a primary ISA, the
standby IPSec-ISA assumes operations.
The active and redundant ISAs can be
deployed on any IOM in the same
chassis. In addition, the IPSec-ISA
supports a comprehensive range of
resiliency capabilities including Dead
Peer Detection, Multiple IPSec tunnels
per Virtual Private Routed Network
(VPRN), Dynamic Routing Protection
and Bidirectional Forwarding
Detection (BFD).
Comprehensive manageability
and OSS integration
As a fully integrated VPN solution,
the 7750 SR IPSec-ISA reduces opera
tional complexity by providing unified
network and VPN services from a single
managed platform with consistent and
simple operational provisioning and
subscriber policy management. All
functionality and services are tightly
Comprehensive network-based
IPSec security deployment
options
The integrating and virtualized
IPSec services on the SR allow service
providers to blend service offerings
by combining the capabilities of the
IPSec-ISA with the comprehensive
range of Layer 2 and Layer 3 IP/MPLS
service capabilities of the SR. For
example, service providers can simul
taneously map traffic into different
VPNs, such as IPSec VPN, Layer 3 VPN
or Layer 2 VPN, on the SR. IPSec VPN
security can be enabled on any SR
port, to any subscriber, regardless of
media type. Layer 2 traffic can be
encrypted into an IPSec tunnel with
generic routing encapsulation (GRE)
service distribution point (SDP), using
VSM. The different service deployment
options are described in Table 1.
Integrated remote access VPNs are a significant source of revenue for many wireline and wireless service
providers
The IPSec-ISA allows businesses and users to add, remove and change sites quickly and easily, using
integrated security-survival capabilities from their service providers
Integrated site-to-site VPNs allow businesses to share secure and encrypted VPN traffic among multiple sites
With increasing demand for IP Multimedia Subsystem (IMS), triple play and premium business services,
network-to-network security between partner carrier networks has become imperative, requiring scalable,
high-performance IPSec VPNs for traffic or content encryption
Wireless backhaul traffic may need to traverse partner or vulnerable wireline metro networks. Network-based
integrated IPSec security can be used to provide secure connectivity for wireless backhaul traffic
Technical specifications
Dimensions
Height: 1.3 cm (0.5 in.)
Width: 17.1 cm (6.7 in.)
Depth: 17.8 cm (7.0 in.)
Weight: 0.45 kg (1.0 lb)
Environmental specifications
Operating temperature:
0C to 40C (32F to 104F)
Relative humidity: 15% to 85%
(non-condensing)
Altitude: 3048 m (10,000 ft)
Minimum platform
requirements
IPSec-ISA requires IOM-2
Supported chassis:
7750 SR-7, 7750 SR-12
Minimum operating system:
For SR chassis: Service Router
Operating System (SR OS)
Release 6.1 or higher
For IPSec-ISA Adapter: SR OS
Release 6.1 or higher
Key management
authentication methods
MIBs
Timetra MIB
Pre-shared keys
Hardware:
OAM
Authentication and
hashing methods
HMAC-MD5, HMAC-SHA1
Integrated services
Encryption methods
Network/element
management
Ordering information
3HE03080AA ISA 7750 SR
IPSec ISA
www.alcatel-lucent.com