Featured Products by Lucent Technologies

Users can migrate from basic WAN access to more advanced virtual private network (VPN) and Service Level Agreement (SLA) managed solutions with a single, purpose built IP services platform. Access Point 450 features world class IP routing, advanced IP Quality of Service (QoS), a stateful packet filtering firewall and standards-based VPN security. The integrated traffic measurement and monitoring capabilities allow detailed charge back, service level monitoring and enhanced network planning. And as a fully Simple Network Management Protocol (SNMP) managed system, Access Point 450 is easily integrated into existing management systems and back-office services.

Access Point 450 employs an advanced system architecture that achieves high speed packet forwarding while applying advanced services at very fine granularity. With data forwarding rates of up to 200 Mbps and 3DES encrypted traffic forwarding rates of up to 80 Mbps, Access Point 450 sets new price and performance standards for multiservice IP access routers.

Features

• Robust IP Routing Services
  Access Point 450 combines high performance, Internet certified and deployed IP routing with a comprehensive suite of world class IP services.

• Advanced IP Quality of Service
  Class-Based Queuing (CBQ) provides the most flexible and scalable ability to assign, monitor and manage bandwidth policies for the users and applications of the network.

• Standards-based VPN Security
  High-performance IPSec tunneling and encryption, L2TP Network Server, and stateful packet-filtering firewall features are integrated into a single, highly secure VPN services platform.

• Industry Leading Price/Performance
  Access Point 450 supports forwarding rates up to 200 Mbps with encrypted traffic throughput up to 80 Mbps and up to 4000 simultaneous active VPN tunnels.

• LAN/WAN Interface Modularity
  Access Point 450 includes four interface module slots supporting a mix of LAN and WAN configurations. Options include Ethernet 10/100, ATM/OC-3, Frame/DS3, ATM/DS3, HSSI, MSSI, and 4 x T1/E1.

• Centralized VPN Policy Management
  QVPN Builder is a centralized VPN policy manager enabling large scale VPNs with secure, policy-enabled provisioning of VPN, CBQ and firewall rules.

• A Complete Family of VPN Products
  Access Point 450 is the mid-range member of the Lucent family of multiservice access routers.

Broadest Range of IP Applications

With its complete suite of advanced IP services, Access Point 450 is used by enterprises or service providers in a broad range of IP applications, including:

• High speed enterprise WAN/Internet access with advanced, policy managed bandwidth QoS.

• Combined site-to-site and remote access Internet VPNs that require end-to-end security and SLAs.

• High quality Internet/IP access services for the individual tenants of multi-tenant properties

• Scalable, secure bandwidth QoS for Web and application hosting environments.

• High speed, DS3 rate IP routing from a service provider's access POP to the Internet backbone

• Enhanced remote access services or interworking between the Internet and existing frame relay networks using high capacity L2TP tunneling.

Leadership Performance and Scale

The Access Point platform features a 200 MHz RISC processor with a fast-memory subsystem designed for high-performance with very low, switch-like latencies. The embedded software is based on an industry standard real-time operating system with a fast classification and forwarding architecture that achieves high-speed packet forwarding while applying very granular service level control.

With four expansion slots, Access Point 450 may be configured to support WAN connectivity at the enterprise edge, or provide a range of security and bandwidth management services within an existing routed network architecture. And with 32 MB DRAM (expandable to 128), the Access Point 450 product line scales to meet a range of performance and functional requirements.

The flexible PCI-bus I/O architecture allows for a range of LAN-to-WAN configurations that support different price, performance, and customer access needs. LAN interface options include the 10/100 Ethernet module. WAN interface modules include the 4 x T1/E1, MSSI (up to 8 Mbps), HSSI (up to 45 Mbps), DS3/Frame or ATM, and OC-3/ATM providing connectivity to WAN services including Frame Relay, PPP, ATM, and SMDS.

An Integrated IP Services Architecture

Access Point 450 combines best of breed IP services with the price/performance and scale required to meet the needs of next generation IP/Internet services. Users can easily migrate from basic routing to advanced IP services in a single, high-availability platform that is easy to deploy and manage. Key features include:

• Robust Internet-certified routing

• Explicit policy-based IP QoS

• Industry-standard VPN tunneling and encryption

• Integrated stateful, packet filtering firewall

• Advanced traffic measurement and monitoring

• Centralized, policy-enabled VPN provisioning

Robust Internet-Certified IP Routing

Access Point 450 features robust IP routing that has been certified and deployed by the industry's leading Internet providers. The standards-compliant IP routing solution includes full support for RIP, OSPF, BGP-4 and static routing.

The BGP-4 implementation is fully interoperable with the most widely installed backbone routers and is critical to providing reliable, multi-homed connections from an enterprise customer premises to a backbone IP network. The ability to operate as a full BGP-4 peer further allows deployment of the Access Point 450 as an edge router connecting a carrier's access POP to the Internet/IP backbone.

For high availability environments, Access Point 450 supports redundant access from the corporate LAN to a primary or back-up default gateway via support for the IETF-defined VRRP (Virtual Router Redundancy Protocol).

Additional IP features, including IP Load Sharing, Network Address Translation, and Multicast, further enable a broad base of value-added IP services and applications.

Comprehensive Suite of VPN services

Secure IP Tunneling and Encryption

With its rich security features, performance, and scale, Access Point 450 is ideally suited to operate as a fully integrated VPN router or a QoS-enabled VPN gateway that co-exists with already installed routers. The system supports secure site-to-site and remote access VPNs with up to 4000 IPSec tunnels and 3DES encrypted packet forwarding rates of up to 80 Mbps.

The IPSec tunneling and encryption implementation supports both 56-bit DES and 168-bit 3DES encryption, with HMAC-MD5 and HMAC-SHA1 message authentication. Session keys are managed dynamically with IKE, while user level authentication is supported via local passwords, Remote Authentication Dial-In User Service (RADIUS) or via X.509v3 formatted digital certifications.

L2TP Network Server

Access Point 450 also operates as an L2TP Network Server (LNS), terminating remote user L2TP/PPP sessions at a network service provider POP or a large corporate site. The L2TP Network Server supports up to 1,000 L2TP/PPP sessions with support for IPCP, PAP/CHAP, MLPPP and optional IPSec security.

High Performance, Secure Firewall

Access Point 450 assures high performance access control via its integrated stateful packet filtering firewall. This fully featured firewall provides robust security at up to T3 rates, protecting the corporate LAN/WAN demarcation while preserving application performance and QoS attributes. Centralized, policy-enabled provisioning of the Access Point 450 firewall eliminates site-by-site configuration complexity while also reducing the risk of security holes, which are often the result of configuration errors.

Explicit, policy-based bandwidth QoS

Access Point 450 provides leadership IP QoS based on Class-Based Queuing (CBQ), an open, non-proprietary bandwidth management technology defined by leading members of the Internet community. With CBQ, a network administrator can establish and enforce specific bandwidth policies while gaining the visibility necessary to actively manage cost and QoS. This heightened level of control ensures that the required amount of bandwidth is delivered to the right users when and where they need it.

With CBQ, user traffic is easily classified based on information found in the IP packet header. Bandwidth is then explicitly allocated according to the priorities of the network provider. Bandwidth efficiency is achieved with CBQ's bandwidth borrowing capability, which allows a traffic class to burst above its allocated bandwidth if there is idle bandwidth on the link. Ease-of-use is assured with CBQ AutoClass, which enables Access Point 450 to automatically create a set of bandwidth policies or profiles which can then be enforced across many applications and users.

In a VPN environment, Access Point 450 provides bandwidth QoS for the "virtual trunks" connecting secure VPN sites while also allowing customers to policy manage application and user access to the bandwidth of those secure virtual trunks.

Access Point 450 further enables end-to-end QoS with its support for IETF-defined differentiated services and also Type of Service (ToS) marking. By combining CBQ and DiffServ, a network operator can first prioritize user traffic to meet internal business needs and then map that traffic into the different end-to-end service levels offered by the IP/Internet backbone.

Device and Security Management

The Access View™ Manager enables an administrator to easily control Access Point 450 using its graphical Web Management Navigator, an intuitive Command Line Interface (CLI), or from any industry standard SNMP manager. The Access View CLI establishes a new standard for ease of configuration management, while the Web interface provides a powerful graphical tool for continuous monitoring and control of bandwidth allocation and usage.

Access View is fully compatible with installed SNMP management and reporting systems, thus allowing network administrators to generate a variety of useful statistical reports, support user charge-back and perform service monitoring. A flexible split-horizon management also allows separate web-accessible management domains to be established to meet the respective needs of network provider and user.

Centralized VPN Policy Management

Access Point QVPN Builder™ is a centralized VPN policy manager allowing policy-based, end-to-end provisioning of a site-to-site VPN. Using QVPN Builder, network providers can cost-effectively deploy, manage and scale Internet VPN services.

QVPN Builder simplifies VPN deployment by allowing policy-based provisioning of an Internet VPN. Information, such as VPN topology, security profiles, firewall rules, and QoS policies are translated into detailed site-level configurations. QVPN Builder then automatically distributes the information to each Access Point site, securely via SNMPv3, non-disruptively and within minutes. By automating and centralizing this process, VPN networks can more easily and quickly scale to hundreds of individual user sites.

Hardware Specifications for Lucent Access Point 450
Dimensions 17.38" W x 2.62" H x 14" D Standard rack mountable Weight 14.5 lbs with two interface modules Available Slots Four expansion slots for interface modules and accelerator modules LAN Interface Modules Ethernet: 10/100 Base-TX Ethernet (RJ-45) WAN Interface Option Modules MSSI-up to 8 Mbps (V.35 or X.21) HSSI-up to 45 Mbps Quad T1/E1 with integrated DSUs (RJ-45) Frame-based DS3 with integrated DSU (BNC) ATM DS3 with integrated DSU (BNC) ATM OC-3 multimode fiber (SC Duplex) ATM OC-3 single mode fiber- intermediate reach (SC Duplex) ATM OC-3 single mode fiber-long reach (SC Duplex)		Hardware Assisted Encryption Encryption accelerator module Memory Configurations 32 MB DRAM, upgradeable to 64 or 128 MB Management Ports 2 x RS232 Console Port Power Requirements AC power input range: 90-240 VAC, auto-selecting, 50/60 Hz nominal Consumption: 200 Watts maximum Environmental Requirements Operating temperature: 0º-50º C Storage temperature: -30º-65º C Relative humidity: 5-95% (non-condensing) Safety Certifications UL 1950, third edition; CSA C22.2, No. 950; TUV/EN 60950; AS/NZS 3260 and TS001; IEC 950/CB Scheme EMI/EMC FCC Part 15 class A; ICES-003; EN 55022:1992 and EN 55082-1:1992, AS/NZS 3548; VCCI; CNS 13438		Homologation/Network Certifications US/Canada: FCC Part 68; CS03; ISDN-ST; ISDN-U; quad T1/E1 Europe: quad T1/E1: CTR-12, CTR13; MSSI: CTR-1, CTR-2; ISDN-ST BRI CTR 3 Australia: TS-0016 Management Command line interface via console or Telnet; embedded browser interface; SNMPv2 and SNMPv3 support with standard and private MIBs; Split horizon management for customer and network provider Performance Max number of IPSec remote access tunnels: 4,000 Max number of L2TP tunnels: 1,000 Max throughput (with 3DES encryption): 80Mbps Max packet throughput (non encrypted): 148,000 pps

Software Specifications for Lucent Access Point 450
Routing Protocols Supported IP, RIP, RIP-2, OSPF, BGP-4, IGMPv2, DVMRPv3 VPN Tunneling Protocols Supported IPSec, L2TP (LNS) WAN Protocols Supported Frame Relay, PPP, Multilink PPP, ATM, SMDS Firewall Packet filtering with state informed packet/port control		IPSec encryption/authentication IPSec ESP with DES/3DES encryption, MD5/SHA1 authentication, anti-replay Key Management IKE,PKI, X.509 digital certificates Quality of Service Class-based queuing with classification and auto-classification by IP address, protocol, port number, domain name, TOS byte; DiffServ classification and marking; bandwidth borrowing		Redundancy Virtual routing redundancy protocol (VRRP) BGP-4 multi-homing User Authentication PAP, CHAP, RADIUS