Ms-Isa r10 en Datasheet

8/10/2019 Ms-Isa r10 en Datasheet

http://slidepdf.com/reader/full/ms-isa-r10-en-datasheet 1/8

ALCATEL LUCENT7750 SERVICE ROUTER AND7450 ETHERNET SERVICE SWITCHMULTISERVICE INTEGRATED SERVICE ADAPTER

RELEASE 10

The Alcatel-Lucent Multiservice Integrated Service Adapter (MS-ISA) extends the level ofintelligence of the industry-leading Alcatel-Lucent 7750 Service Router (SR) and 7450 EthernetService Switch (ESS) platforms by virtualizing advanced service capabilities into a uniedservice edge. The Alcatel-Lucent MS-ISA provides purpose-built, extended functionality andenables deeper levels of integrated service capabilities with higher scale than typicallyavailable from costly dedicated appliances.

The Alcatel-Lucent MS-ISA provides apowerful platform for delivering advancedbusiness and residential services on the7750 SR and 7450 ESS without the needfor costly external dedicated appliances.The Alcatel-Lucent MS-ISA is a half-slot,hot-swappable resource blade that insertsinto an Input/Output Module (IOM). It

features a exible multi-core networkprocessor designed for high-touch packetoperations. MS-ISA services are virtual-ized and available to all ports across thechassis. Trafc ows are directed to theMS-ISA through the router’s backplaneand fabric, with support for more than10 Gb/s bandwidth. Multiple MS-ISAscan be installed in the system to provideredundancy and deliver greater servicescale.

Services currently supported on theAlcatel-Lucent MS-ISA include Application

Assurance, L2TP Network Server (LNS),Network Address Translation (NAT),Dual-Stack Lite AFTR services, WLANGateway, IPsec services, MS-ISA ThreatManagement System (TMS) and advancedvideo services.

MS ISA FEATURES• Provides multi-core network processor-

based, carrier-grade hardware, operatingwithin an industry-leading highly availableand proven chassis

• 10 Gb/s data path connectivity throughthe chassis backplane and fabric

• Multiple MS-ISAs can be installed withina chassis to scale services

MS ISA BENEFITS• Seamless integration into existing

Alcatel-Lucent 7750 SR or 7450 ESSchassis that fully interoperates with allexisting interfaces, thereby reducingstandalone network elements withassociated space and cabling, whilereducing power consumption, topologychurn and network latency.

• A single MS-ISA is equivalent to multipleexternal servers, offering huge scalabilityand resiliency advantages while reducingCAPEX.

• Consistent management of the MS-ISAservices using Alcatel-Lucent 5620 ServiceAware Manager (SAM) eliminates theneed to train and staff a team to maintaina large set of external servers, therebysignicantly reducing OPEX.



2

7750 Service Router and 7450 Ethernet Service Switch | Release 10ALCATEL LUCENT DATA SHEET

APPLICATION ASSURANCEApplication Assurance (AA) on theAlcatel-Lucent MS-ISA extends theservice depth and functionality of theAlcatel-Lucent 7750 SR and 7450 ESS byenabling visibility and intelligent controlfor IP applications, with extensive per-application, per-subscriber, or per-VPNLayer 2 and Layer 3 service policies,providing application reporting and trafc

management capabilities. ApplicationAssurance enables service providers todeliver enhanced and personalized Qualityof Service (QoS)-managed applicationperformance in highly differentiatedconsumer, business and mobile serviceofferings with industry-leading scale.

With Application Assurance, targettrafc for AA processing is diverted tothe ISA, based on an Application Proleassigned to the subscriber or service,which also contains parameters used bythe Application QoS Policy (AQP) rules,comprising match and action criteria thatdetermine the QoS treatment applied.This enables any combination of passivemonitoring and reporting, active band-width and/or ow policing, and ow-basedQoS re-marking to provide per-applicationservices.

Feature highlightsApplication identication

• Real-time per- ow stateful packetinspection on OSI Layers 3 to 7, todynamically identify and intelligentlymeter trafc ows, applications andunderlying protocols

• Unique identi cation of all business,mobile and residential applications,using IP address and ports, URI strings,Differentiated Services Code Point (DSCP)values or trafc direction, in addition toprotocol signatures to detect end-to-endapplication and ow performance behavior

• Full support for IPv4 and IPv6 traf c andapplications

• Application detection is highly exible andrelease independent, allowing in-serviceconguration of new application types.This is enabled by in-service upgrade

of protocol signatures, as well as fullyprogrammable application and applicationgroup denitions

• Accurate traf c identi cation by avoidingor eliminating asymmetric trafc ows.When AA is deployed at the IP edgerouter, this is a single processing point forall ows for each site/subscriber, so thereis no need to eliminate trafc asymmetry.When AA is deployed on a transit routersbehind the IP edge/BNG, asymmetry isautomatically removed by the AA solutionensuring accurate identication and control.

Application Assurance

• Extensive per-application policyenforcement with granular bandwidthshaping, policing and prioritization,dened on a per-subscriber or per-VPNsite to intelligently categorize applicationtrafc based on policy

• Delivery of deterministic end-to-endapplication behavior through applicationperformance optimization, application-

based QoS, application admission controland application-level mirroring

Application reporting

• Per-protocol, per-application andper-application group volume statisticsaccounting for all subscribers and Layer 2and Layer 3 VPNs (every byte, every packet,every ow for every application counted)

• End-to-end application volume statisticsavailable between subscribers, VPN sitesand servers

• Aggregated snapshot of IP ows providedper subscriber and per VPN site

• Performance reporting for TCP-basedapplications (including client and serverside) network delay/loss/jitter, sessionestablishment/closure delay/jitter, andclient-server transaction delay/jitter

• Integrated Telchemy VQmon® passiveperformance measurement technologyon in-service trafc for VoIP and videoconferencing MOS-related measurementsfor RTP-based A/V applications

• XML record export for volume accounting• c owd v10 record export for application

volume and performance measurements• RADIUS accounting export of application-

based charging groups for application-aware usage-based billing plans

Benets• Provider Edge (PE) integration for

residential subscribers or businessservices, as well as AA on spoke servicedistribution points (SDPs), allows optimaldistribution for personalized, on-demandservice deployments, with consistentoperational provisioning and subscriberpolicy management through a commonunied service management platform

• Transit subscriber integration in edgeor aggregation routers for residentialand business services allows AAdeployments for topologies requiringmultiple subscriber policy enforcementpoints under common provisioning andsubscriber policy management

• Enhanced managed services for residentialconsumers and content partners byleveraging Application Assurance toenable a premium Quality of Experience(QoE) for Internet video, audio, voice,gaming and other value-added content

• Comprehensive application recognitionand assurance for WAN Application-Assured VPN services, including Internetaccess, VPRN, VPLS and E Pipe services,to address enterprise requirements

• Scalable, pay-as-you-grow service with upto seven active MS-ISAs using ApplicationAssurance per chassis

• No impact on network topology to addAA services to residential or business

networks• No risk to service availability by insertion

of new links or appliances; the fail-to-fabric bypass ensures services remain upeven if the needed MS-ISA is not available

LNS SERVICESLNS services on the Alcatel-Lucent MS-ISAadd L2TP Network Server functionalityto the Alcatel-Lucent 7750 SR, allowingservice providers to offer the sameindustry-leading Enhanced SubscriberManagement (ESM) services to subscribersterminated on L2TP sessions that arealready available on the 7750 SR for IPoE(DHCP), PPPoE and PPPoA subscribers.By integrating an LNS into the 7750 SR,a single platform can support both PPP-based customers and provide an evolutiontowards IPoE (DHCP) while delivering aconsistent user experience.

One of the featured applications of LNSservices is the ability to introduce IPv6services over existing BRAS, where IPv6subscriber trafc is carried transpar-ently in an L2TP tunnel and over IPv4without any IPv6 support in the L2TPAccess Concentrator (LAC). LNS servicessupport the Alcatel-Lucent Service RouterOperating System (SR OS) IPv4 andIPv6 ESM features, so IPv4, IPv6, anddual-stack IPv4 and IPv6 subscribers areconcurrently supported.

Feature highlights• Retains all ESM features for IPv4 and IPv6

• Supports up to 64,000 L2TP sessions and16,000 L2TP tunnels per chassis

• Concurrent support for NAT and Dual-Stack Lite Softwire Concentrator on the

same MS-ISA

Benets• Features, management and accounting

for LNS subscribers are consistent withESM services on existing IPoE (DHCP),PPP, PPPoE and PPPoA subscriber accessmethods

• Allows the introduction of IPv6 servicesover an IPv4 access network and LAC



3


NAT SERVICESNAT services on the Alcatel-Lucent MS-ISAadd large-scale NAT capabilities to theAlcatel-Lucent 7750 SR, allowing serviceproviders to conserve IPv4 addressesand maintain IPv4 Internet access whilemigrating to IPv6. NAT services on theMS-ISA were developed to satisfy serviceproviders’ large-scale NAT requirements,starting with the carrier-grade 7750 SR

and MS-ISA platform and optimizing thesoftware implementation to provide scale,transaction rates, and complete loggingand accounting.

NAT services operate in two modes:Network Address and Port Translation(NAPT), with optimizations to providescale and a subscriber-aware, Layer 2-aware NAT. In NAPT mode, an operatorcan deploy centralized Alcatel-Lucent7750 SR to provide IPv4 continuity withminimal changes to the access networkand customer equipment. Layer 2-aware

NAT enhances NAPT to create a virtualNAT table per subscriber, allowing custom-ized NAT policies and integrated RADIUSaccounting, and it uniquely permits allsubscribers to share a common inside IPaddress to simplify IPv4 address assign-ment and administration.

NAT services on the MS-ISA can also beused to extend IPv4 services and provideadditional sources of revenue. NATservices allow for forwarding of trafcbetween VPN services with overlappingaddress spaces; for example, where a

branch ofce VPN service needs to bemerged into a larger corporate VPNservice. NAT services can also be usedto provide Internet access to an existingVPRN service.

Feature highlights• NAT44 and NAT64 with high scaling,

high transaction rate and N+1 MS-ISAredundancy

• Two modes of operation:

¬ NAPT with traditional inside andoutside addresses

¬ Layer 2-aware NAT, where NAT isagnostic to subscriber (inside) IPaddresses, allowing for overlapand reuse

• Each host assigned port range blocks forgreater scalability and reduced loggingrequirements

• Per-subscriber port limits with applicationpriority based on trafc-forwarding class

• Con gurable high/low prioritization ofapplications traversing the NAT, basedon trafc-forwarding class

• Concurrent support for L2TP NetworkServer and Dual-Stack Lite SoftwireConcentrator on the same MS-ISA

Benets• Mitigates service provider IPv4 address

exhaustion

• Allows IPv4 services to continue and evolveduring the migration to IPv6 services

• Layer 2-aware NAT removes requirementfor unique private IP addresses persubscriber

• Allows for unique NAT subscriber policiesthat are consistent with other Alcatel-Lucent7750 SR service access methods: PPP,PPPoE, PPPoA, L2TP LNS and IPoE (DHCP)

DUAL STACK LITEThe Dual-Stack Lite AFTR services on theAlcatel-Lucent MS-ISA add Dual-Stack Litesoftwire termination functionality to theAlcatel-Lucent 7750 SR. Dual-Stack Liteis an IPv6 transition technique that allows

the tunneling of IPv4 trafc across anIPv6-only network. Dual-stack IPv6 transi-tion strategies allow service providersto offer IPv4 and IPv6 services and saveon OPEX by allowing the use of a singleIPv6 access network, instead of runningconcurrent IPv6 and IPv4 access networks.Dual-Stack Lite has two components: theclient in the customer network, knownas the Basic Bridging BroadBand element(B4), and the Address Family TransitionRouter (AFTR) deployed in the serviceprovider network.

The Dual-Stack Lite AFTR services on theMS-ISA supports softwire termination,as described in draft-ietf-softwire-dual-stack-lite-06 for IPv4-in-IPv6 [RFC 2473]softwires, that encapsulate IPv4 trafcfrom the home network and IPv4-Internetacross the carrier’s IPv6 network.

Feature highlights• Highly scalable IP-in-IP tunneling of

IPv4 over IPv6 for unmetered, best-effortservices up to the scaling limits of LargeScale NAT Services

• Concurrent support for L2TP Network

Server and IPv4 NAT functions on thesame MS-ISA

Benets• Allows IPv4 and IPv6 services to run

across a single IPv6-only networkinfrastructure

• The Alcatel-Lucent 7750 SR also providesa complete IPv6 Broadband NetworkGateway function, including built-inDHCPv6 server

• Simple-to-deploy Dual-Stack Lite withthe 7750 SR Dual-Stack Lite AFTR

WLAN GATEWAYWithin the Alcatel-Lucent lightRadio™ Wi-Fisolution, the Alcatel-Lucent 7750 SRfunctions as the Wireless LAN (WLAN)Gateway and aggregates tunneled trafcfrom the WLAN Access Points (APs). TheWLAN Gateway features in the 7750 SRwith the MS-ISA support a variety ofwholesale and retail deployment scenarios,allowing both wireline and wireless pro-viders to leverage unlicensed Wi-Fi® asan access technology. The WLAN Gatewaysupports mechanisms to coordinate withthe provider’s back-end subscriber, policyand billing infrastructure for authentica-tion and parameters needed to createsubscriber context.

Feature highlights• Supports both wholesale and retail service

scenarios for wireline and wireless providers

• Highly scalable solution based on the 3GPPS2a Mobility based on GPRS TunnelingProtocol (GTP) (SaMOG) Release 11 “fat pipe”model which minimizes the number oftunnels between the APs and the WLANGateway

• Supports multiple authentication methodsincluding Extensible AuthenticationProtocol (EAP) and web-basedauthentication

• Supports inter-AP mobility for seamlessroaming between APs and cellular – Wi-Fiintermobility (cellular ofoad over Wi-Fiaccess) allowing user equipment to switchbetween cellular and Wi-Fi access

• Concurrent support for NAT functions onthe same MS-ISA

Benets• Allows wireline and wireless providers

to leverage Wi-Fi access to expandservice footprint

• Providers can deploy carrier-grade Wi-Fiservice offerings and maintain customervisibility and foster customer loyalty

• Allows wireless providers to preservecellular spectrum by ofoading data ontounlicensed Wi-Fi

IPSEC SERVICESIPsec services on the MS-ISA providecomprehensive, highly scalable andnetwork-integrated Layer 3 IPsecVPN connectivity, as a Remote AccessConcentrator (RAC) or for site-to-site ornetwork-to-network encrypted IPsecsecurity. IPsec services can also be usedin mobile networks as a highly scalable3GPP Security Gateway (SeGW).



4


Any physical interface can operate asan encrypted IPsec VPN port, enablingsupport for a diverse range of networktrafc types, interfaces and topologies.In addition, IPsec services can be combinedwith the Alcatel-Lucent 7750 SR compre-hensive range of IP/MPLS service offerings.

Feature highlights• IKE v1/v2

• Pre-Shared Key/XAUTH/Certi cateAuthentication

• High-performance, hardware-basedencryption and decryption

• Tunnel-mode Encapsulating SecurityPayload (ESP) with authentication support

• Bidirectional Forward Detection (BFD)within IPsec tunnels for fast tunnelfailure detection

Benets• Integrated IPsec services allow combining

of connectivity services, greater service scale

and resiliency, and reduced network latency• Fully integrated with Alcatel-Lucent

SR OS for unied service management,encryption and security, available to anyLayer 3 service on any physical port

MS ISA THREAT MANAGEMENTSYSTEM DDOS MITIGATIONTo meet the challenges of increasingDDoS scale and attack bandwidth,Arbor Networks and Alcatel-Lucent haveteamed up to port the Arbor NetworksPeak ow® SP Threat Management System

software onto the Alcatel-Lucent MS-ISAcard, creating a network- or cloud-basedapproach to DDoS scrubbing, wherethe TMS function is integrated withina carrier-class service router and canbe distributed across a serviceprovider’s network:

Arbor Networks identies all forms ofDDoS attacks as well as the “networksignature” of DDoS-related botnets as theytry to scan for vulnerable PCs to infect.Once anomalies are identied, Peakow SPsignals the TMS within the service routerto surgically mitigate attack trafc. Suspecttrafc is forwarded to the MS-ISA TMS forscrubbing, or to a series of MS-ISA TMSblades using round-robin load balancing.Attack packets are dropped by MS-ISATMS using a series of attack identicationand mitigation techniques, and cleanpackets are forwarded by the servicerouter to their original destination. TheMS-ISA is managed through Alcatel-Lucent5620 Service Aware Manager (SAM),and the TMS module is managed by theArbor Networks Peakow SP appliances.

Feature highlights• A carrier-class DDoS mitigation platform

that enables greater scale, lower costs andsimplied operations

• Leverages industry-leading technologyfrom Arbor Networks and their ASERTthreat research team, recognized expertsin global carrier threat and trafc analysis

• Up to 60 Gb/s of DDoS processing per

service router with other services active• Surgically removes attack packets at the

service provider network edge, eliminatingthe need to backhaul attack trafc deepwithin the service provider’s network

Benets• Allows service providers to extend their

addressable market for DDoS protectionservices through exible deployment ofthe mitigation function at any point in therouter network

• Enables DDoS scrubbing across a

wide range of verticals, customersand geographies, opening up newopportunities for DDoS mitigationservices.

• Protects new and existing services fromDDoS attacks and other threats

VIDEO SERVICESThe Alcatel-Lucent MS-ISA can be usedto deliver superior Internet ProtocolTelevision (IPTV) QoE by incorporatingadvanced video services into the networkelements, offering high scalability andexible deployment scenarios.

Advanced video services enabled bythe MS-ISA include:

• Retransmission (RET) and Fast ChannelChange (FCC) for IPTV running over RTP

• Linear TV Ad Insertion (ADI)

RetransmissionPacket losses in a video stream have animmediate and noticeable negative impacton an end user’s IPTV QoE.

RTP Retransmission is an IETF and DVB

standard for packet retransmission. TheAlcatel-Lucent MS-ISA supports both a RETserver, for downstream clients/set topboxes (STBs), and a RET client to requestretransmissions upstream and preemp-tively repair losses. By supporting both aRET server and client in the MS-ISA, thereis great exibility in how RET services canbe deployed, so services can be deployedwhere they are most cost-effective andmost needed.

Feature highlights

• Supports RET server on video packetretransmission on linear TV channelsfor downstream RET clients

• Supports RET client functions that allowmore efcient use of the provider’snetwork by preemptively recoveringmulticast packets lost upstream

• Concurrent support for RET and FCCon the same MS-ISA, providing up to

10 Gb/s of egress bandwidth

Benets

• Allows for a greater service footprint forIPTV services by ensuring quality videodelivery where the last mile infrastructurewould otherwise have unacceptablepacket loss

• Allows exible, distributed and hierarchicaldeployment options that optimize networkresources, increase scale and reduce CAPEX

Fast Channel Change

FCC is an Alcatel-Lucent method forproviding sub-second fast channel changeon multicast IPTV networks distributedover RTP. An FCC session is a unicaststream sent at an accelerated rate beforethe main multicast stream is joined.

The MS-ISA FCC server supports twomethods of time domain compressionfor the FCC unicast stream: bursting anddenting. Bursting sends the unicast abovenominal rate, and denting selectivelyomits less important video frames inthe unicast FCC stream. Denting is aparticularly useful FCC technique whenlast mile bandwidth is limited, and bothbursting and denting can be combined forfaster-than-real-time delivery of the mostpertinent video frames.

Feature highlights

• Provides sub-second linear TV channelchange performance for Fast ChannelChange requests from a downstreamSTB client

• Concurrent support for RET and FCC onthe same MS-ISA, providing up to 10 Gb/sof egress bandwidth

Benets

• Improves the end user’s Quality ofExperience by providing sub-secondchannel change performance

• Allows more ef cient use of the networkbandwidth by allowing greater levels ofvideo compression through larger Groupof Picture (GOP) sizes without affectingchannel change performance



5


Linear TV Ad InsertionThe Alcatel-Lucent MS-ISA Video Servicessupport local/zoned Linear TV ADI into themulticast video stream, thereby openingup new sources of revenue by allowingIPTV service providers to participate inthe advertising value chain.

The Alcatel-Lucent MS-ISA supports up to16 unique advertisement zones per main

multicast channel stream. Because thesplicer operates on the transport stream,ads can be spliced into either encrypted

or unencrypted main channel transportstreams. As a result, the MS-ISA splicer isable to offer much higher scale and con-currency than elementary stream splicers.

Feature highlights

• Provides the capability to insert up to16 unique ads into each linear TV channelfor 16 different areas or zones withineach demographic market area

• Supports ad splicing for both encryptedand unencrypted main streams

Benets

• Linear TV ADI unlocks new revenueopportunities for service providersby participating in the advertisingvalue chain

PLATFORM SUPPORTTable 1 provides a summary of the services supported on the Alcatel-Lucent MS-ISA when installed on IOM types within theAlcatel-Lucent 7450 ESS and 7750 SR product portfolio.

Table 1. MS-ISA service support matrix

SERVICE 7450 ESS 7750 SR

ESS 6, ESS 6V, ESS 7, ESS 12 SR C4 SR C12 SR 7, SR 12 SR 12E

Application Assurance IOM-20GIOM3-XP

√ √ IOM-20GIOM2-20GIOM3-XP

IOM3-XP

LNS services – – – IOM3-XP IOM3-XP

NAT services – – – IOM3-XP IOM3-XP

Dual-Stack LiteAFTR services

– – – IOM3-XP IOM3-XP

WLAN Gateway – – – IOM3-XP* IOM3-XP*

IPsec services – – √ IOM2-20GIOM3-XP

IOM3-XP

Arbor TMS – – – IOM3-XP IOM3-XP

Retransmission and

Fast Channel Change

IOM-20G

IOM3-XP

– – IOM-20G

IOM2-20GIOM3-XP

IOM3-XP

Linear TV Ad Insertion – – – IOM-20GIOM2-20GIOM3-XP

IOM3-XP

* WLAN Gateway functionality is congured in hardware on a slot basis where an IOM3-XP has two MS-ISA installed.

ORDERING INFORMATIONTable 2 provides ordering information for the MS-ISA hardware. Services on the MS-ISA require the purchase of Right to Use (RTU) licenses.Please contact your Alcatel-Lucent sales representative for pricing information on service licenses.

Table 2. Ordering information for the Alcatel-Lucent Multiservice ISA

PART NUMBER PART NAME COMMENTS3HE04922AA ISA – 7x50 Multiservice ISA Base Multiservice ISA card which can be used for AA, video, LNS, NAT

and IPsec applications

3HE05154AA ISA – 7x50 Multiservice ISA-E no encrypt Base Multiservice ISA-E card which can be used for AA, video, LNS andNAT applications. No IPsec support (no encryption)



6


TECHNICAL SPECIFICATIONSMS-ISADimensions, weight and power

• Height: 3.6 cm (1.4 in.)

• Width: 19.0 cm (7.5 in.)

• Depth: 17.8 cm (7 in.)

• Weight: 0.45 kg (1 lb) (approx.)

• Maximum power consumption: 65 W

Note: Weights and dimensions are approximate andsubject to change. Refer to the appropriate InstallationGuide for the current weight and dimensions.

Environmental specications• Operating temperature: 5°C to 40°C

(41°F to 104°F)

• Operating relative humidity: 5% to 85%

• Operating altitude: Up to 4000 m(13,000 ft) at 30°C (86°F)

Safety• EN 60950-1 2nd Ed CE-Mark

• IEC 60950-1 2nd Ed CB Scheme

• CSA/UL 60950-1 2nd Ed NRTL

EMC emission• ICES-003 Class A

• FCC Part 15 Class A

• EN 55022 Class A

• CISPR 22 Class A

• AS/NZS CISPR 22

• VCCI Class A

• BSMI Class A

EMC immunity• EN 300 386

• EN 55024

• IEC/EN 61000-4-2 ESD

• IEC/EN 61000-4-3 Radiated Immunity

• IEC/EN 61000-4-4 EFT

• IEC/EN 61000-4-5 Surge

• IEC/EN 61000-4-6 Conducted Immunity

• IEC/EN 61000-4-8 Magnetic Immunity

• IEC/EN 61000-4-11 Voltage Interruptions

Environmental• ETS 300 019-1-1 Storage Tests, Class 1.2

• ETS 300 019-1-2 Transportation Tests,Class 2.3

• ETS 300 019-1-3 Operational Tests,Class 3.2

• ETS 300 019-2-4, pr A 1 Seismic

• WEEE

• RoHS

• China CRoHS

Network EquipmentBuilding System (NEBS)

• NEBS Level 3 Compliant

¬ Telcordia GR-1089-CORE

¬ Telcordia GR-63-CORE

• Telcordia GR-295-CORE

• RBOC requirements

¬ ATT-TP-76200

¬ ATT-TP-76200 section 13,

TEER per ATIS-0600015.02¬ VZ.TPR.9205 TEEER per

ATIS-0600015.02

¬ VZ.TPR.9305

Application AssuranceRedundancy and scale

• 7750 SR-7 and 7750 SR-12

¬ Up to eight MS-ISAs per chassis

¬ Up to seven logical AA groups, eachwith N+1 MS-ISA warm redundancywith “fail-to-fabric bypass”

¬ Up to 70 Gb/s of wire-speed packetprocessing and application recognitionper system

• 7750 SR-c12

¬ Up to two MS-ISAs per chassis

¬ One logical AA group with 1+1 MS-ISAwarm redundancy or 2+0 MS-ISAnon-redundant


• 7750 SR-c4

¬ One MS-ISA per chassis

¬ One logical AA group non-redundant


Performance and scalability per ISA

• Up to 10 Gb/s processing capacity

• Traf c ow set-up rate of up to70,000 new ows per second

• Induced packet latency of existingows <20 µs

• Induced packet latency of new ows<100 µs

Supported services

• 7450 ESS: E-Pipe, VPLS, IES, ESMsubscribers

• 7750 SR: E-Pipe, I-Pipe, VPLS, IES, VPRN,Enhanced Subscriber Management (ESM)subscribers

• AA on Spoke SDPs is supported forservices on spoke SDPs on the IOM3-XPas indicated in Table 3

Standards support

• RFC 5101 – Speci cation of the IP FlowInformation Export (IPFIX) Protocol for theExchange of IP Trafc Flow Information

• RFC 5102 – Information Model for IP FlowInformation Export

LNS servicesRedundancy and scale

• Up to six MS-ISAs per chassis

• Up to four LNS groups

• Up to four MS-ISAs per group

• All MS-ISAs in an LNS group are activewith sessions distributed based on leastnumber of sessions and underlyingIOM3-XP load

• Up to 60 Gb/s of throughput per system



• Scaling constrained by MS-ISA IOM3-XPservice queue resources

Supported services

• L2TP tunnels can be terminated on any

local router interface VPRN, IES, baserouter loopback and Layer 3 SAP (VPRNand IES)

Standards support

• RFC 1332 – The PPP Internet ProtocolControl Protocol (IPCP)

• RFC 1334 – PPP Authentication Protocols

• RFC 1877 – PPP Internet Protocol ControlProtocol Extensions for Name ServerAddresses

• RFC 1994 – PPP Challenge HandshakeAuthentication Protocol (CHAP)

• RFC 2516 – A Method for TransmittingPPP Over Ethernet (PPPoE)

Table 3. Spoke SDP types and supported services

SPOKE SDP TYPE CONNECTED TO SERVICE

E-PIPE VPLS IES VPRN I-PIPE

E-Pipe Y Y Y Y Y

I-Pipe N N Y Y Y

VPLS N Y Y Y N



7


• RFC 2661 – Layer Two Tunneling Protocol“L2TP”

• RFC 2809 – Implementation of L2TPCompulsory Tunneling via RADIUS

• RFC 2868 – RADIUS Attributes for TunnelProtocol Support

• RFC 3145 – L2TP Disconnect CauseInformation

• RFC 3371 – Layer Two Tunneling Protocol“L2TP” Management Information Base

• RFC 3438 – Layer Two Tunneling Protocol(L2TP) Internet Assigned Numbers:Internet Assigned Numbers Authority(IANA) Considerations Update

• RFC 4638 – Accommodating a MaximumTransit Unit/Maximum Receive Unit (MTU/MRU) Greater Than 1492 in the Point-to-Point Protocol over Ethernet (PPPoE)

• draft-mammoliti-l2tp-accessline-avp-04.txt – Layer 2 Tunneling Protocol (L2TP)Access Line Information Attribute ValuePair (AVP) Extensions

NAT servicesRedundancy and scale


• Up to four NAT groups

• Up to four MS-ISAs per group with N+1warm redundancy

• Up to 60 Gb/s of throughput (non-redundant) per system

• Up to 36,000,000 total mappings



• Up to 64,000 sessions/second• Up to 6,000,000 total mappings

Standards support

• RFC 1918 – Address Allocation forPrivate Internets

• RFC 4787 – Network Address Translation(NAT) Behavioral Requirements forUnicast UDP

• RFC 5382 – NAT Behavioral Requirementsfor TCP

• RFC 5508 – NAT Behavioral Requirementsfor ICMP (formerly draft-ietf-behave-nat-

icmp-12.txt)• draft-ietf-softwire-dual-stack-lite-06.txt

– Dual-Stack Lite Broadband DeploymentsFollowing IPv4 Exhaustion

• draft-miles-behave-l2nat.txt –Layer2-Aware NAT

• draft-nishitani-cgn-02.txt – CommonFunctions of Large Scale NAT

• draft-ietf-behave-address-format-10.txt –IPv6 Addressing of IPv4/IPv6 Translators

• draft-ietf-behave-v6v4-xlate-stateful- 12 - Stateful NAT64: Network Addressand Protocol Translation from IPv6 Clientsto IPv4 Servers

• draft-ietf-behave-v6v4-xlate-23 - IP/ICMPTranslation Algorithm

Dual-Stack LiteRedundancy and scale


• Up to four NAT groups

• Up to four MS-ISAs per group withN+1 warm redundancy

• Up to 60 Gb/s of throughput(non-redundant) per system

• Up to 36,000,000 total mappings


• 128,000 active DS-Lite AFTR endpointsper ISA, with full statistics collectionand event logging

• 6,000,000 NAT mappings per ISA

• 10 Gb/s IMIX performance• Support for static port forwarding

via SAM API

Standards support

• RFC 2473 – Generic Packet Tunnelingin IPv6 Specication

• draft-ietf-softwire-dual-stack-lite-06.txt– Dual-Stack Lite Broadband DeploymentsFollowing IPv4 Exhaustion

• draft-ietf-softwire-ds-lite-tunnel-option-05.txt – Dynamic HostConguration Protocol for IPv6 (DHCPv6)

Option for Dual-Stack Lite

WLAN GatewayRedundancy and scale

• WLAN Gateway is con gured on a slot-basis with an IOM3-XP and two MS-ISArequired per slot

• Up to four slots con gured for WLANGateway operation

• Up to three slots active supporting N:Mredundancy

• 128K tunnels per chassis

• 128K UEs per chassis

Standards support

• S2a Mobility based on GPRS TunnelingProtocol within 3GPP TS 23.402:Architecture enhancements for non-3GPPaccesses. Release 11,

• RFC 2784 - Generic Routing Encapsulation(GRE)

IPsec servicesRedundancy and scale

• Up to 16 MS-ISAs per chassis

• Support for 16 tunnel groups (active/standby MS-ISAs)


• High-performance, hardware-basedencryption and decryption

Encryption methods

• DES, 3DES, AES-128, AES-192 andAES-256

Authentication and hashing methods

• HMAC-MD5, HMAC-SHA1, HMAC-SHA2

Key distribution methods

• Manual exchange, IKEv1 and IKEv2 withPerfect Forward Secrecy (PFS) support

IPsec encapsulation methods

• Encapsulating Security Payload (ESP) withauthentication support in tunnel mode

Key generation algorithms

• Dif e-Hellman

Tunnel authentication methods

• Pre-shared keys, XAUTH, X.509certi cates (IKEv2)

Key IPsec RFC(s) supported

• RFC2315 – PKCS #7: CryptographicMessage Syntax

• RFC 2401 – Security Architecture for theInternet Protocol

• RFC 2409 – The Internet Key Exchange (IKE)

• RFC2986 – PKCS #10: Certi cationRequest Syntax Speci cation

• RFC 3447 – PKCS #1: RSA CryptographySpecications Version 2.1

• RFC 3706 – IKE Dead Peer Detection

• RFC 3947 – Negotiation of NAT Traversalin the IKE

• RFC 3948 – UDP Encapsulation of IPsecESP Packets

• RFC 4306 – Internet Key Exchange(IKEv2) Protocol

• RFC 4868 – Using HMAC-SHA-256, HMAC-SHA-384 and HMAC-SHA-512 with IPsec

• RFC 4945 – The Internet IP Security PKIPro le of IKEv1/ISAKMP, IKEv2 and PKIX



www.alcatel-lucent.com Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks ofAlcatel-Lucent. All other trademarks are the property of their respective owners. The information presentedis subject to change without notice. Alcatel-Lucent assumes no responsibility for inaccuracies contained herein.Copyright © 2012 Alcatel-Lucent. All rights reserved. M2012094228 (September)

• RFC 5280 – Internet X.509 Public KeyInfrastructure Certicate and CerticateRevocation List (CRL) Prole

• draft-ietf-ipsec-isakmp-xauth-06.txt –Extended Authentication within ISAKMP/Oakley (XAUTH)

• draft-ietf-ipsec-isakmp-mode-cfg-05.txt –The ISAKMP Con guration Method

Arbor TMSRedundancy and scale

• Up to 12 MS-ISAs per chassis

• Up to 60 Gb/s DDoS scrubbing capacityper chassis


• Up to 5 Gb/s for DDoS scrubbing capacity

Video servicesRetransmission and Fast Channel Change

Redundancy and scale

• Up to eight MS-ISAs per chassis

• Up to four MS-ISAs per video groupwith all active and load sharing toscale egress performance

• Up to four video groups, each with adistinct set of ingest channels


• More than 4 Gb/s ingest multicastvideo processing

• Up to 10 Gb/s RET/FCC egress capacity

Standards support

• RFC 3550 – RTP: A Transport Protocolfor Real-Time Applications

• RFC 4585 – Extended RTP Pro le forReal-time Transport Control Protocol(RTCP)-Based Feedback (RTP/AVPF)

• RFC 4588 – RTP RetransmissionPayload Format

• Digital Video Broadcasting (DVB);Transport of MPEG-2 TS Based DVBServices over IP Based Networks(DVB-IPTV Phase 1.4)

Local/zoned ad insertion

Redundancy and scale

• One MS-ISA per video group

• Inter-chassis redundancy providedby multicast protocol reconvergence


• More than 4 Gb/s ingest multicastvideo processing

• Up to 10 Gb/s egress throughput formain streams and ad splices

• Up to 16 zones per ingress multicastchannel

Standards support

• SCTE 30

• SCTE 35

Ms-Isa r10 en Datasheet

Documents

Transcript of Ms-Isa r10 en Datasheet