Intel Express Routers 9000 User Manual
Page 3
■
IPX/SPX spoofing. The Novell IPX protocol sends IPX
Watchdog packets between servers and clients on a regular
basis to ensure that IPX sessions remain valid. Similarly, SPX
sends keep-alive packets between clients to ensure that SPX
sessions are still active. The packets continually activate the WAN
link, which significantly increases the cost of operation. Intel
Express Routers prevent these unnecessary dial-up connections
by answering the packets on behalf of remote clients until the
WAN link is established for data communication.
■
Triggered RIP. Standard RIP updates are transmitted
between routers at regular intervals and whenever a topology
change occurs. With Triggered RIP, the routers store these
updates until the next WAN link is established, and thereafter
send only those updates that report a topology change. By
eliminating unnecessary information exchange between routers,
Triggered RIP reduces the cost of the WAN link and maximizes
the available bandwidth for data communication.
■
IP and IPX static routes. Even with Triggered RIP updates
sent via IP and IPX, keeping track of topology changes can
consume valuable bandwidth on the WAN link and increase
costs. To prevent routing updates from being sent over the
WAN link at all, users can establish static routes.
■
Controlled bridging. Intel Express Routers offer user-defined
control of the bridging functions. For example, the routers
can be configured to forward data only to known destinations,
helping to ensure that only essential information is forwarded.
■
EuroISDN cost control. Timer profiles and link accounting
are especially useful for controlling WAN link costs on ISDN-
based (EuroISDN only) networks. Timer profiles (up to 16) can
be used to restrict outgoing and incoming access to the WAN link.
For example, access can be restricted to times when operating
tariffs are lowest. Link accounting allows usage monitoring of
the ISDN link, including the number of calls and cumulative
uptime. An activity alarm can be set to close the ISDN links
or send an alert when usage reaches a predefined threshold.
To control and consolidate the billing of dial-in connections
over analog or ISDN modems, the Call Back feature can be
used. In this case, the router cuts the inbound connection, then
immediately calls back the remote site so the billing originates
from the central site.
Tunneling – Secure Use of the Internet
Via a Virtual Private Network (VPN)
With two or more Intel Express Routers, you can use tunneling
and encryption to create a VPN that allows safe use of the Internet
to send and receive secure business data between LANs. You get
the security of a private network at the vastly lowered expense
of simple Internet connections. Typically, because of current
limitations in the Internet infrastructure, VPNs are most suitable
for non real-time or lower bandwidth traffic.
Tunneling with Intel Express Routers is supported by powerful
encryption, using the Blowfish algorithm, with a 144 bit encryption
key. Compare this with competing solutions providing key lengths
of only 40 to 128 bits – this is strong encryption. For even greater
security, you can use a different key for each tunnel.
Before any data enters the public domain, each packet is
encrypted and placed in a separate envelope for transmission.
For best effectiveness, the encryption is performed across the
entire data stream rather than on individual packets only. Even
the original source and destination address of the data stream
are hidden from potential hackers.
With Intel Express Routers, configuring a tunnel is simple.
You don’t have to modify applications or add any specialized
software to your LAN. Just enter the IP address of the router at
the remote site and enter the same encryption key on both ends
of the communication. The connection will work with virtually
any ISP and travel as easily as open traffic through the Internet.
Because Intel’s solution encapsulates tunneled traffic in
standard IP, Intel Express Routers can tunnel any LAN protocol
they can route or bridge, including IPX. This allows existing
LAN applications to be used unchanged over the Internet tunnel.
Intel Express Router
(with tunneling enabled)
ISP
POP
Public
Internet
Secure Tunnel:
IP, IPX or bridged LAN
traffic encrypted,
compressed by PPP
and encapsulated in IP
Local private
WAN link to ISP
(PPP, Frame
Relay or X.25)
Site A
Site C
Site B
ISP POP
ISP POP
Intel Express
Router
(with tunneling
enabled)
Intel Express Router
(with tunneling enabled)
LAN to LAN Connectivity Via
Virtual Private Network Over the Internet
NP0803_2.qxd 8/15/97 4:22 PM Page 3