search

Juniper NS-RBO-CS-SSG350-3 Instrukcja Obsługi Strona 23

  • Pobierz
  • Dodaj do moich podręczników
  • Drukuj
  • Strona
    / 39
  • Spis treści
  • BOOKMARKI
    • Oceniono. / 5. Na podstawie oceny klientów
Przeglądanie stron 22
Copyright © 2010, Juniper Networks, Inc. 19
APPLICATION NOTE - Branch Office Connectivity Guide
Table 3: Data Center Key Design Considerations
Requirements Description
Internet
connectivity
The design must employ a minimum of two Internet links.
The edge-connecting routers must provide redundancy as well as ensure service
accessibility.
The active/active Internet connection requires two edge routers to provide resilient
Internet connectivity.
A BGP feed is required from each of the providers to enable failover.
A rate limiting of traffic to the firewall is needed so that a flood of traffic from the Internet
does not affect the network.
A stateless inspection or packet filtering must be used.
Private WAN Private circuits must be either point-to-point connections or connect over a provider-
provisioned MPLS network.
All traffic that originates from the branch that is destined for the data center must be
encrypted.
Private WAN is deployed off of the VPN firewalls.
Firewalls Internet firewalls must host the network operations center (NOC).
Firewalls must connect to the Internet and receive routing information from the Internet
edge routers.
IPsec VPN firewalls provide the connectivity hub for all remote sites and they terminate
IPsec VPNs from the Internet as well as from private WANs.
The IPsec firewalls must terminate VPN tunnels for all of the remote branches over the
private WAN.
The following must be employed: redundant hardware, dynamic routing protocols (DRP),
and fully meshed links.
The design must allow for a highly scalable VPN services infrastructure without being
dependent on the availability of Internet firewalls.
Shared services The Internet firewalls must have a default route (obtained from the Internet edge routers)
into the shared services core.
The connectivity to the firewalls must be in a mesh deployment.
The routing on the shared services core must integrate with the firewalls.
High availability The design must use a meshed solution to provide redundant paths on each redundant
device. Internet connectivity.
The design must employ a minimum of two Internet links.
The edge-connecting routers must provide redundancy as well as ensure service
accessibility.
The active/active Internet connection requires two edge routers to provide resilient
Internet connectivity.
A BGP feed is required from each of the providers to enable failover.
A rate limiting of traffic to the firewall is needed so that a flood of traffic from the Internet
does not affect the network.
A stateless inspection or packet filtering must be used.
Przeglądanie stron 22
1 2 ... 18 19 20 21 22 23 24 25 26 27 28 ... 38 39

Komentarze do niniejszej Instrukcji

Brak uwag
  • Applied Air First Alert Biospace Maroo Snell Acoustics
  • Avaya Bramy / kontrolery D-Link Nie LC-Power Myszy Avanti Stojaki telewizyjne Mustek Kamery
  • Philips DVD870P Philips HMP7001/12 Rotel RA-1062 Dash DSY007CM Samsung S24E510C
  • Exo-terra Terrarium Cabinet Instrukcja Użytkownika McIntosh MC1.2KW Instrukcja Właściciela Acer AT2246 Instrukcja Użytkownika Burkert Type 1062 Instrukcja Użytkownika BLANCO 512-729 Instrukcja Użytkownika