Featured Products by Lucent Technologies

Users can migrate from basic WAN access to more advanced Virtual Private Network (VPN) and Service Level Agreement (SLA) managed solutions with a single, purpose built IP services platform. Access Point 1000 features world class IP routing, advanced IP Quality of Service (QoS), a stateful packet-filtering firewall and standards-based VPN security. The integrated traffic measurement and monitoring capabilities allow detailed charge back, service level monitoring and enhanced network planning. And as a fully Simple Network Management Protocol (SNMP) managed system, Access Point 1000 is easily integrated into existing management systems and back-office services.

Access Point 1000 employs an advanced system architecture that achieves high-speed packet forwarding while applying advanced services at very fine granularity. With data forwarding rates of up to 450 Mbps and 3DES encrypted traffic forwarding rates of up to 155 Mbps, Access Point 1000 sets new price and performance standards for multiservice IP access routers.

Features

• Robust IP Routing Services
  Access Point 1000 combines high-performance, Internet certified and deployed IP routing with a comprehensive suite of world class IP services.

• Advanced IP Quality of Service
  Class-Based Queuing (CBQ) provides the most flexible and scalable ability to assign, monitor and manage bandwidth policies for the users and applications of the network.

• Standards-based VPN Security
  High performance IPSec tunneling and encryption, L2TP Network Server, and stateful packet-filtering firewall features are integrated into a single, highly secure VPN services platform.

• Industry Leading Performance
  This high-end platform supports forwarding rates up to 450 Mbps with encrypted traffic throughput up to 155 Mbps and up to 4000 simultaneous active VPN tunnels.

• LAN/WAN Interface Modularity
  Access Point 1000 supports two on-board 10/100 Ethernet interfaces plus four slots for additional interface expansion. Options include: POS/OC3, ATM/OC3, Frame/DS3, ATM/DS3, Gigabit Ethernet, HSSI, and 4 x T1/E1.

• Centralized VPN Policy Management
  QVPN Builder is a centralized VPN policy manager enabling large-scale VPNs with secure, policy enabled provisioning of VPN, CBQ and firewall rules.

• A Complete Family of VPN Products
  Access Point 1000 is the high-performance member of the Lucent family of multiservice access routers.

Broadest range of IP applications

With its complete suite of advanced IP services, Access Point 1000 can be used by enterprises or service providers in a broad range of IP applications, including:

• High-performance site-to-site and remote access Internet VPNs that offer end-to-end security and SLAs.

• High-quality Internet/IP access services for the individual tenants of large multi-tenant properties.

• Scalable, secure bandwidth QoS for large scale Web and application hosting environments.

• High-speed IP routing from a service provider's access POP to the Internet backbone.

• Access POP-based IP aggregation services delivering discrete QoS, security and firewall capabilities to the individual customers of a network provider.

• Enhanced remote access services or interworking between the Internet and existing frame relay networks using high-capacity L2TP tunneling.

Leadership, performance and scale

Access Point 1000 has been purpose-built to deliver advanced IP services with industry leading performance and scale in a very compact 1U height chassis. The architecture features a 262 MHz MIPS R7000 RISC processor. The fast memory subsystem supports 128 MB synchronous DRAM (expandable to up to 256 MB), providing extended packet buffering support and expansion potential for future feature enhancements.

Access Point 1000 features two integrated 10/100 Ethernet interfaces with expansion slots supporting up to four additional interface modules. LAN interface options include a 10/100 Ethernet and a Gigabit Ethernet module. WAN interface modules include the 4 x T1/E1, MSSI (up to 8 Mbps), HSSI (up to 45 Mbps), DS3/Frame or ATM, and OC-3/ATM or Packet over SONET (POS) providing connectivity to an array of WAN services, such as Frame Relay, PPP, ATM, POS and SMDS.

The Access Point 1000 also includes two internal slots for the addition of special purpose performance accelerators, the first of which is the Hi/fn 7751-based Encryption Accelerator Module. With two Encryption Accelerators installed, the Access Point 1000 leads the industry with up to 155 Mbps of 3DES encryption.

Integrated IP services architecture

Access Point 1000 combines best-of-breed IP services with the price/performance and scale required to meet the needs of next generation IP/Internet services. Users can easily migrate from basic routing to advanced IP services in a single, high-availability platform that is easy to deploy and manage. Key features include:

• Robust internet-certified routing

• Explicit policy-based IP QoS

• Industry-standard VPN tunneling and encryption

• Integrated stateful packet-filtering firewall

• Advanced traffic measurement and monitoring

• Centralized, policy-enabled VPN provisioning

Robust Internet-certified IP routing

Access Point 1000 features robust IP routing that has been certified and deployed by the industry's leading Internet Providers. The standards-compliant IP routing solution includes full support for RIP, OSPF, BGP-4 and static routing.

The BGP-4 implementation is fully interoperable with the most widely installed backbone routers and is critical to providing reliable, multi-homed connections from an enterprise customer premises to a backbone IP network. The ability to operate as a full BGP-4 peer further allows deployment of the Access Point 1000 as a high-performance edge router connecting a carrier's access POP to the Internet/IP backbone.

For high-availability environments, Access Point 1000 supports redundant access from the corporate LAN to a primary or back-up default gateway via support for the IETF-defined VRRP (Virtual Router Redundancy Protocol).

Additional IP features, including IP Load Sharing, Network Address Translation, and Multicast, further enable a broad base of value added IP services and applications.

Comprehensive suite of VPN services

Secure IP Tunneling and Encryption

With its rich security features, performance, and scale, Access Point 1000 is ideally suited to operate as a fully integrated VPN router or a QoS-enabled VPN gateway in large traffic centers. The system supports secure site-to-site and remote access VPNs with up to 4000 IPSec tunnels and triple DES encrypted packet-forwarding rates of up to 155 Mbps.

The IPSec tunneling and encryption implementation supports both 56-bit DES and 168-bit 3DES encryption, with HMAC-MD5 and HMAC-SHA1 message authentication. Session keys are managed dynamically with IKE, while user level authentication is supported via local passwords, Remote Authentication Dial-In User Service (RADIUS) or via X.509v3 formatted digital certifications.

L2TP Network Server

Access Point 1000 also operates as a high-performance L2TP Network Server (LNS), terminating remote user L2TP/PPP sessions at a network service provider POP or a large corporate site. The L2TP Network Server supports up to 1,000 L2TP/PPP sessions with support for IPCP, PAP/CHAP, MLPPP and optional IPSec security.

High-performance, Secure Firewall

Access Point 1000 assures high-performance access control via its integrated stateful packet-filtering firewall. This fully featured firewall provides robust security at beyond T3 rates, protecting the corporate LAN/WAN demarcation while preserving application performance and QoS attributes. Centralized, policy-enabled provisioning of the Access Point firewall eliminates site-by-site configuration complexity while also reducing the risk of security holes, which are often the result of configuration errors.

Explicit, policy-based bandwidth QoS

Access Point 1000 provides leadership IP QoS based on Class-Based Queuing (CBQ), an open, nonproprietary bandwidth management technology defined by leading members of the Internet community. With CBQ, a network administrator can establish and enforce specific bandwidth policies while gaining the visibility necessary to actively manage cost and QoS. This heightened level of control ensures that the required amount of bandwidth is delivered to the right users when and where they need it.

With CBQ, user traffic is easily classified based on information found in the IP packet header. Bandwidth is then explicitly allocated according to the priorities of the network provider. Bandwidth efficiency is achieved with CBQ's bandwidth borrowing capability, which allows a traffic class to burst above its allocated bandwidth if there is idle bandwidth on the link. Ease of use is assured with CBQ AutoClass, which enables Access Point 1000 to automatically create a set of bandwidth policies or profiles which can then be enforced across many applications and users.

In a VPN environment, Access Point 1000 provides bandwidth QoS for the "virtual trunks" connecting secure VPN sites while also allowing customers to policy manage application and user access to the bandwidth of those secure virtual trunks.

Access Point 1000 further enables end-to-end QoS with its support for IETF-defined Differentiated Services and also Type of Service marking. By combining CBQ and DiffServ, a network operator can first prioritize user traffic to meet internal business needs and then map that traffic into the end-to-end service levels offered by the IP/Internet backbone.

Device and security management

The Access View™ Manager enables an administrator to easily control Access Point 1000 using its graphical Web Management Navigator, an intuitive Command Line Interface (CLI), or from any industry standard SNMP manager. The Access View CLI establishes a new standard for ease of configuration management, while the Web interface provides a powerful graphical tool for continuous monitoring and control of bandwidth allocation and usage.

Access View is fully compatible with installed SNMP management and reporting systems, thus allowing network administrators to generate a variety of useful statistical reports, support user charge-back and perform service monitoring. A flexible split-horizon management also allows separate Web-accessible management domains to be established to meet the respective needs of network provider and user.

Centralized VPN policy management

Access Point QVPN Builder™ is a centralized VPN policy manager allowing policy-based, end-to-end provisioning of a site-to-site VPN. Using QVPN Builder, network providers can cost-effectively deploy, manage and scale Internet VPN services.

QVPN Builder simplifies VPN deployment by allowing policy-based provisioning of an Internet VPN. Information, such as VPN topology, security profiles, firewall rules and QoS policies are translated into detailed site-level configurations. QVPN Builder then automatically distributes the information to each Access Point 1000 site, securely via SNMPv3, non-disruptively and within minutes. By automating and centralizing this process, VPN networks can more easily and quickly scale to hundreds of individual user sites.

Hardware Specifications for Lucent Access Point 1000
Dimensions 1.74" H x 17.3" W x 11.8" D Standard rack mountable Weight 12 lbs, without interface modules LAN Interfaces Ethernet: Two embedded 10/100 Base-T Ethernet (RJ-45) Expansion Slots 4 PMC Expansion Slots for Interface Modules 2 Internal Slots for Accelerator Modules LAN Interface Modules Ethernet: 10/100 Base-T Ethernet (RJ-45) Gigabit Ethernet (Multimode Fiber) WAN Interface Option Modules MSSI-up to 8 Mbps (V.35 or X.21) HSSI-up to 45 Mbps Quad T1/E1 with integrated DSUs (RJ-45) Frame-based DS3 with integrated DSU (BNC) ATM DS3 with integrated DSU (BNC) ATM OC-3 Multimode Fiber (SC Duplex) ATM OC-3 Single Mode Fiber- Intermediate Reach (SC Duplex) ATM OC-3 Single Mode Fiber- Long Reach (SC Duplex)		Packet over SONET OC-3 Multimode Fiber (SC Duplex) Packet over SONET OC-3 Single Mode Fiber-Intermediate Reach (SC Duplex) Packet over SONET Single Mode Fiber-Long Reach (SC Duplex) Processor 262 MHz MIPS RM7000 Hardware Assisted Encryption Encryption Accelerator Module Memory Configurations 128 MB SDRAM Upgradeable to 256 MB Management Ports 2 x RS232 Console Port Power Requirements AC Power Input Range: 90-240 VAC, auto-selecting, 50/60 Hz nominal DC Power Input Range: 36-60 VDC, 6A Consumption: 125 Watts maximum Environmental Requirements Temperature: 0º-50º C Storage Temperature: -30º-65º C Relative Humidity: 5-95% (non-condensing) Safety Certifications UL 1950, third edition; CSA C22.2, No. 950; TUV/EN 60950; AS/NZS 3260 and TS001; IEC 950/CB Scheme		EMI/EMC FCC Part 15 class A; ICES-003; EN 55022:1997 and EN 55082-1:1997 (IEC61000-4-3, ENV50204, IEC61000-4-4, IEC61000-4-2, IEC61000-4-6, IEC61000-4-5, IEC61000-3-2, IEC61000-3-3, IEC61000-4-11, env50204); 24; AS/NZS 3548; VCCI; CNS 13438 Homologation/Network Certifications US/Canada: FCC Part 68; CS03; ISDN-ST; ISDN-U; Quad T1/E1 Europe: Quad T1/E1: CTR-12, CTR13; MSSI: CTR-1, CTR-2; ISDN-ST BRI CTR 3 Australia: TS-0016 Management Command line interface via console or Telnet; embedded browser interface; SNMPv2 and SNMPv3 support with standard and private MIBs; Split horizon management for customer and network provider Performance Max Number of IPSec Remote Access Tunnels: 4,000 Max Number of L2TP Tunnels: 1,000 Max Throughput (w/ triple DES encryption): 155 Mbps Max Packet Throughput (non- encrypted): 200,000 pps

Software Specifications for Lucent Access Point 1000
Routing Protocols Supported IP, RIP, RIP-2, OSPF, BGP-4, IGMPv2, DVMRPv3 VPN Tunneling Protocols Supported IPSec, L2TP (LNS) WAN Protocols Supported Frame Relay, PPP, Multilink PPP, ATM, SMDS Firewall Packet filtering with state informed packet/port control		IPSec Encryption/Authentication IPSec ESP with DES/3DES encryption, MD5/SHA1 authentication, anti-replay Key Management IKE,PKI, X.509 digital certificates Quality of Service Class-Based Queuing with classification and auto-classification by IP address, protocol, port number, domain name, TOS byte; DiffServ classification and marking; bandwidth borrowing		Redundancy Virtual Routing Redundancy Protocol (VRRP) BGP-4 multi-homing User Authentication PAP, CHAP, RADIUS