Design Reference

SSH determines identities. During the logon process, the SSH client asks for digital proof
of the identity of the user.
Encryption
SSH uses encryption algorithms to scramble data. This data is rendered unintelligible
except to the intended receiver.
Integrity
SSH guarantees that data is transmitted from the sender to the receiver without alteration.
If a third party captures and modifies the traffic, SSH detects this alteration.
Virtual Services Platform 4000 supports:
SSH version 1, with password and Rivest, Shamir, Adleman (RSA) authentication
SSH version 2, with password and Digital Signature Algorithm (DSA) authentication
Digital Encryption Standard (DES)
Triple DES (3DES)
Advanced Encryption Standard (AES)
You must load the encryption module before you can enable it. For more information about
how to load encryption modules, see Avaya Virtual Services Platform 4000 Security,
NN46251-601.
SNMP header network address
For self-generated UDP packets, you can direct the IP header to use the management virtual IP
address as its source address. If you configure a management virtual IP address
and enable the udpsrc-by-vip flag, the network address in the SNMP header is always the
management virtual IP address. This applies to all traps, whether they are routed out on the I/O
ports or on the out-of-band management Ethernet port.
SNMPv3 support
SNMP version 1 and version 2 are not secure because community strings are not encrypted.
Avaya strongly recommends that you use SNMP version 3. SNMPv3 provides stronger
authentication services and the encryption of data traffic for network management.
Other security equipment
Avaya offers other devices that increase the security of your network.
For sophisticated state-aware packet filtering (real stateful inspection), you can add an external
firewall to the architecture. State-aware firewalls can recognize and track application flows that
use not only static TCP and UDP ports, like Telnet or HTTP, but also applications that create
and use dynamic ports, such as FTP, and audio and video streaming. For every packet, the
state-aware firewall finds a matching flow and conversation.
The following figure shows a typical configuration used in firewall load balancing.
Control plane security
Network Design Reference for Avaya VSP 4000, February 2014