Design Reference
Table Of Contents
- Contents
- Chapter 1: Introduction
- Chapter 2: New in Release 4.0.50
- Chapter 3: New in Release 4.0.40
- Chapter 4: New in Release 4.0
- Chapter 5: Network design fundamentals
- Chapter 6: Hardware fundamentals and guidelines
- Chapter 7: Optical routing design
- Chapter 8: Platform redundancy
- Chapter 9: Link redundancy
- Chapter 10: Layer 2 loop prevention
- Chapter 11: Spanning tree
- Chapter 12: Layer 3 network design
- Chapter 13: SPBM design guidelines
- Chapter 14: IP multicast network design
- Multicast and VRF-Lite
- Multicast and MultiLink Trunking considerations
- Multicast scalability design rules
- IP multicast address range restrictions
- Multicast MAC address mapping considerations
- Dynamic multicast configuration changes
- IGMPv3 backward compatibility
- IGMP Layer 2 Querier
- TTL in IP multicast packets
- Multicast MAC filtering
- Guidelines for multicast access policies
- Multicast for multimedia
- Chapter 15: System and network stability and security
- Chapter 16: QoS design guidelines
- Chapter 17: Layer 1, 2, and 3 design examples
- Chapter 18: Software scaling capabilities
- Chapter 19: Supported standards, RFCs, and MIBs
- Glossary
management virtual IP address. This configuration is true for all traps routed out on the I/O ports or
on the out-of-band management Ethernet port.
SNMPv3 support
SNMP version 1 and version 2 are not secure because communities are not encrypted.
Avaya strongly recommends that you use SNMP version 3. SNMPv3 provides stronger
authentication services and the encryption of data traffic for network management.
Other security equipment
Avaya offers other devices that increase the security of your network.
For sophisticated state-aware packet filtering (real stateful inspection), you can add an external
firewall to the architecture. State-aware firewalls can recognize and track application flows that use
not only static TCP and UDP ports, like Telnet or HTTP, but also applications that create and use
dynamic ports, such as FTP, and audio and video streaming. For every packet, the state-aware
firewall finds a matching flow and conversation.
The following figure shows a typical configuration used in firewall load balancing.
Figure 58: Firewall load balancing configuration
Use this configuration to redirect incoming and outgoing traffic to a group of firewalls and to
automatically load balance across multiple firewalls. The benefits of such a configuration are:
• Increased firewall performance
• Reduced response time
• Redundant firewalls ensure Internet access
Virtual private networks (VPN) replace the physical connection between the remote client and
access server with an encrypted tunnel over a public network. VPN technology employs IP security
(IPsec) and Secure Sockets Layer (SSL) services.
Several Avaya products support IPSec and SSL, including Avaya VPN Gateway and Secure Router.
Additional information
The following organizations provide the most up-to-date information about network security attacks
and recommendations about good practices:
• The Center of Internet Security Expertise (CERT)
System and network stability and security
124 Network Design Reference for Avaya VSP 4000 Series December 2014
Comments? infodev@avaya.com