Nortel Sec Router 1004 SR2101A018E5 ユーザーズマニュアル
製品コード
SR2101A018E5
3
These baseline results demonstrate the
Secure Router’s ability to forward VoIP
traffic regardless of data traffic load —
while maintaining toll-quality voice as
demonstrated by consistent 4.4 MOS
scores.
Secure Router’s ability to forward VoIP
traffic regardless of data traffic load —
while maintaining toll-quality voice as
demonstrated by consistent 4.4 MOS
scores.
Enabling interface filters
During the next test phase, the Secure
Router’s Access Control List (ACL)
service was configured to observe the
effect on VoIP quality when other router
services are turned up. Two access lists
were defined on the WAN bundle of
each system — one for inbound traffic,
the other for outbound traffic. Each
access list consisted of nine ‘deny’ rules
that blocked traffic between two subnets.
The tenth rule in the access list was a
‘permit’ between the two subnets used
for voice and data traffic. This forced all
traffic to be evaluated by all rules before
being forwarded through the routers.
Voice and data traffic was passed through
the network, as was done for the Baseline
testing.
Router’s Access Control List (ACL)
service was configured to observe the
effect on VoIP quality when other router
services are turned up. Two access lists
were defined on the WAN bundle of
each system — one for inbound traffic,
the other for outbound traffic. Each
access list consisted of nine ‘deny’ rules
that blocked traffic between two subnets.
The tenth rule in the access list was a
‘permit’ between the two subnets used
for voice and data traffic. This forced all
traffic to be evaluated by all rules before
being forwarded through the routers.
Voice and data traffic was passed through
the network, as was done for the Baseline
testing.
Results (see Figure 3) were identical to
the baseline testing. That is, MOS
scores remained in the 4.4 range, even
when the WAN link was oversubscribed.
Consistently high percentage WAN
utilization rates were also maintained.
the baseline testing. That is, MOS
scores remained in the 4.4 range, even
when the WAN link was oversubscribed.
Consistently high percentage WAN
utilization rates were also maintained.
Adding a VPN tunnel and
stateful firewall
stateful firewall
In the final test case, a VPN tunnel was
defined between the Secure Router
1004 and the Secure Router 3120 over
the WAN connection using encryption
that was set to 3DES-MD5. Firewall
rules were further added to the VPN
configuration. The Secure Router was
configured with 52, 202 and 1002 fire-
wall policies respectively, and VoIP and
data traffic was sent through the network.
defined between the Secure Router
1004 and the Secure Router 3120 over
the WAN connection using encryption
that was set to 3DES-MD5. Firewall
rules were further added to the VPN
configuration. The Secure Router was
configured with 52, 202 and 1002 fire-
wall policies respectively, and VoIP and
data traffic was sent through the network.
Figure 4 shows throughput for the test
case of 20 simulated VoIP calls with
data overhead of 3,072 kbps (WAN link
is oversubscribed to 189 percent) while
varying the number of policies in the
firewall. Again, no degradation of the
voice occurred and the WAN link was
fully utilized.
case of 20 simulated VoIP calls with
data overhead of 3,072 kbps (WAN link
is oversubscribed to 189 percent) while
varying the number of policies in the
firewall. Again, no degradation of the
voice occurred and the WAN link was
fully utilized.
Summary
Regardless of the amount of traffic or
services applied, Nortel Secure Routers
were able to successfully prioritize and
forward IP voice traffic, and pass some
or all of the data traffic — resulting in a
fully-utilized WAN circuit. When addi-
tional complex IP services were added to
the link, the routers’ sophisticated QoS
mechanisms ensured that there was no
degradation of VoIP quality or in the
handling of traffic.
services applied, Nortel Secure Routers
were able to successfully prioritize and
forward IP voice traffic, and pass some
or all of the data traffic — resulting in a
fully-utilized WAN circuit. When addi-
tional complex IP services were added to
the link, the routers’ sophisticated QoS
mechanisms ensured that there was no
degradation of VoIP quality or in the
handling of traffic.
Figure 3. ACL throughput with oversaturated WAN link
Figure 4. Encrypted throughput vs. number of firewall policies