|
Description
|
- High-bandwidth encryption (in accordance with IPSec standards)
- Power requirement: 0.21 A @ 48 V (10 W)
- Support for IPSec encryption, decryption, and key calculation
acceleration
Note:
The ES PIC does not support reassembly and decryption
of encrypted packets that were fragmented in an IPSec tunnel.
|
|
Hardware features
|
- Extends the existing security functionality to Internet
traffic at high-performance rates
- Throughput at 800 Mbps, half duplex
- 1000 IPSec tunnels or 2000 IPSec security association
(SA) pairs
- Supports MTUs of up to 3900 bytes
|
|
Software features
|
For a list of the software features available
for services PICs, see the JUNOS
Services Interfaces Configuration Guide.
- Support for IPv4
- Authentication hash algorithms: MD-5 and SHA-1
- Encryption algorithms: DES, 3-DES, and Null
- Automated key management using Diffie-Hellman key establishment
- Support for preshared key management
- Authentication Header and Encapsulating Security Payload
(ESP) independently or in bundle mode
- Tunnel mode IPSec encryption and decryption for data traffic
- Transport mode IPSec encryption and decryption for control
traffic
- Static and dynamic security associations (SA) supported
- SA lifetime configurable in seconds and kilobytes
- JUNOS Release 7.0 or later is required to configure graceful
Routing Engine switchover (GRES).
|
|
LEDs
|
One tricolor:
- Off—Not enabled
- Green—Online with no alarms or failures
- Amber—Online with alarms for remote failures
- Red—Active with a local alarm; router has detected
a failure
|
|
Instrumentation (counters)
|
- Input and output bytes per tunnel
- Total authentication failures
- Total antireply failures
- Total encryption ASIC errors per PIC
|
