[ Contents] [ Prev] [ Next] [ Report an Error]

ES PIC

Image g001818.gif

Software release

JUNOS 5.2 and later

Description

High-bandwidth encryption (in accordance with IPSec standards)

Power requirement: 0.21 A @ 48 V (10 W)

Support for IPSec encryption, decryption, and key calculation acceleration

The ES PIC does not support reassembly and decryption of encrypted packets that were fragmented in an IPSec tunnel.

Hardware features

Extends the existing security functionality to Internet traffic at high-performance rates

Throughput at 800 Mbps, half duplex

1000 IPSec tunnels or 2000 IPSec security association (SA) pairs

Supports MTUs of up to 3900 bytes

Software features For a list of the software features available for services PICs, see the JUNOS Services Interfaces Configuration Guide.

Support for IPv4

Authentication hash algorithms: MD-5 and SHA-1

Encryption algorithms: DES, 3-DES, and Null

Automated key management using Diffie-Hellman key establishment

Support for pre-shared key management

Authentication Header and Encapsulating Security Payload (ESP) independently or in bundle mode

Tunnel mode IPSec encryption and decryption for data traffic

Transport mode IPSec encryption and decryption for control traffic

Static and dynamic security associations (SA) supported

SA lifetime configurable in seconds and kilobytes

JUNOS Release 7.0 or later is required to configure graceful Routing Engine switchover (GRES).

LEDs One tricolor:

Off—Not enabled

Green—Online with no alarms or failures

Amber—Online with alarms for remote failures

Red—Active with a local alarm; router has detected a failure

Instrumentation (counters)

Input and output bytes per tunnel

Total authentication failures

Total anti-reply failures

Total encryption ASIC errors per PIC

[ Contents] [ Prev] [ Next] [ Report an Error]

Description	High-bandwidth encryption (in accordance with IPSec standards) Power requirement: 0.21 A @ 48 V (10 W) Support for IPSec encryption, decryption, and key calculation acceleration The ES PIC does not support reassembly and decryption of encrypted packets that were fragmented in an IPSec tunnel.
Hardware features	Extends the existing security functionality to Internet traffic at high-performance rates Throughput at 800 Mbps, half duplex 1000 IPSec tunnels or 2000 IPSec security association (SA) pairs Supports MTUs of up to 3900 bytes
Software features	For a list of the software features available for services PICs, see the JUNOS Services Interfaces Configuration Guide. Support for IPv4 Authentication hash algorithms: MD-5 and SHA-1 Encryption algorithms: DES, 3-DES, and Null Automated key management using Diffie-Hellman key establishment Support for pre-shared key management Authentication Header and Encapsulating Security Payload (ESP) independently or in bundle mode Tunnel mode IPSec encryption and decryption for data traffic Transport mode IPSec encryption and decryption for control traffic Static and dynamic security associations (SA) supported SA lifetime configurable in seconds and kilobytes JUNOS Release 7.0 or later is required to configure graceful Routing Engine switchover (GRES).
LEDs	One tricolor: Off—Not enabled Green—Online with no alarms or failures Amber—Online with alarms for remote failures Red—Active with a local alarm; router has detected a failure
Instrumentation (counters)	Input and output bytes per tunnel Total authentication failures Total anti-reply failures Total encryption ASIC errors per PIC