Cisco - New Developments for the Enterprise VPN

  • 0 0 0
  • Like this paper and download? You can publish your own PDF file online for free in a few minutes! Sign Up
File loading please wait...
Citation preview

1113 0973_05F9_c2

1

© 1999, Cisco Systems, Inc.

New Developments For The Enterprise Virtual Private Network Session 1113

1113 0973_05F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

2

1

Agenda • VPN Choices—Choosing What’s Right for You • The Building Blocks of a VPN Security Quality of Service Network and Service Monitoring

• Real World Implementations • Q&A 1113 0973_05F9_c2

3

© 1999, Cisco Systems, Inc.

What Are VPNs? Connectivity Deployed on a Shared Infrastructure With the Same Policies and ‘Performance’ As a Private Network with Lower Total Cost of Ownership Regional Sites

Virtual Private Network

Branches SoHo Telecommuters Mobile Users

Central /HQ

Internet, IP, FR, ATM 1113 0973_05F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

Partners Customers 4

2

Comprehensive E-VPN Solutions 1

2

3

Platforms

Security

Services

Cisco 7100 Integrated VPN Router

VPN Client Enhanced IPSec

Network-Based Application Recognition

IOS Firewall Phase 2 Tunnel Endpoint Discovery

VPN Optimized Routers

New!

4

5

Appliances Management PIX 515 Firewall

QoS Policy Manager 1.0

VPN End-to-End QoS Class Based Queuing

IOS Firewall

IP QoS

NetRanger 2.2

Security Mgr 1.0

3DES

IP/ATM QoS

NetSonar 2.0

ACL Mgr 1.0

Time-based ACLs

SLA Monitoring

IPM 2.0

DELIVERED

Access VPN 1113 0973_05F9_c2

Intranet VPN

Extranet VPN 5

© 1999, Cisco Systems, Inc.

Extending the Classic WAN Branch Sites

Leased Lines ATM Frame Relay

Telecommuters

Dial/ISDN

• New issues Networking infrastructure Security and management infrastructure 1113 0973_05F9_c2

Mobile Users

Internet Partners

IP-VPN

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

Customers

6

3

VPN Types and Applications Type

Application

Remote Access

Remote

As Alternative To Dedicated Dial

Connectivity

VPN

ISDN

Site-to-Site Intranet VPN

Extranet VPN

Internal Connectivity Business-toBusiness External

Benefits Ubiquitous Access Lower Cost

Leased Line

Extend Connectivity Lower Cost

Fax, Mail, EDI

Facilitates E-Commerce

Connectivity 1113 0973_05F9_c2

7

© 1999, Cisco Systems, Inc.

VPN Requirements

Network Management

Core Networking Services Infrastructure: Platforms Appliances 1113 0973_05F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

End-to-End Networking

Policy Management

Scalability

QoS Network and Service Monitoring

Open Architecture

Security

8

4

Security Aspects of VPNs • Cyclical process • Identity Accurately identify users Determine what users are allowed to do

• Integrity Ensure network availability Provide perimeter security Ensure privacy

• Active audit Recognize network weak spots Detect and react to unwanted activity

• Manageability Centralized control of security services Scalability, modeling administrative roles 1113 0973_05F9_c2

Policy

9

© 1999, Cisco Systems, Inc.

Identity Challenges

• Uniquely and accurately identify network users and devices • Configure services dynamically • Scalability • Provide accounting records 1113 0973_05F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

10

5

Identity Solutions • User name and password • PAP and CHAP • AAA servers (RADIUS and TACACS+) • One time passwords • PKI with digital certificates (X.509) and certificate authorities

CiscoSecure

• Products: CiscoSecure 1113 0973_05F9_c2

© 1999, Cisco Systems, Inc.

11

Challenges of Integrity • Control access to information Allow authenticated employees and partners seamless access (intranet) Restrict access of unauthenticated or untrusted users (extranet)

• Protect against data loss or theft • Defend against Denial of Service (DoS) 1113 0973_05F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

12

6

IPSec VPN Client Operation Email Server

• Remote user can access a public Internet connection locally and then tunnel encrypted data to the home gateway • Client uses a X.509 certificate or a one-time password with a AAA server to negotiate an Internet Key Exchange and establish a secure tunnel

7100/VPN Optimized Router

Certificate Authority/ AAA

Internet

• All data is encrypted and allowed only after being fully authenticated • Allows safe low cost and ubiquitous access to the corporate network 1113 0973_05F9_c2

VPN Remote User with IPSec Client 13

© 1999, Cisco Systems, Inc.

Remote Access Client Software Highlights Platforms • Windows 95

Interoperability • IPSec and IKE with DES/3DES • Interoperable with IPSec in Cisco IOS software

• Windows 98 • Windows NT 4.0 NEW VPN

Features • Simple to use policy editor • Transparent to end-user • Dynamic addressing • AAA support through IOS Firewall feature set • Digital certificate support from Verisign, Netscape and Entrust with Certificate Enrollment Protocol (CEP) 1113 0973_05F9_c2

Cisco VPN Client

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

Policy Management • Centrally configurable policy • Can prevent end-users from changing policy • Optionally prevent direct Internet access when IPSec tunnel is active

14

7

Cisco VPN Software Solutions

• Ipsec VPN client: IRE safenet/soft-pk Tunnel mode or transport mode security DES, 3-DES, MD-5, and SHA-1 algorithms

New

IKE (internet key exchange using ISAKMP/oakley) Authenticate via digital signatures and X.509 certificates

• Pki/certificate authority partners Entrust technologies Netscape communications Verisign Baltimore technologies 1113 0973_05F9_c2

15

© 1999, Cisco Systems, Inc.

IPSec Enhancements New

• Tunnel Endpoint Discovery (TED) Dynamically determines tunnel endpoint Removes the requirement to pre-configure tunnel endpoints for each router Eases deployment of intranet/extranet networks

1113 0973_05F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

16

8

Integrity Solutions

• Tunnels • Firewalls • Access control lists

PIX Firewall

• Route authentication Products: PIX firewall, Cisco IOS devices Cisco IOS Firewall 1113 0973_05F9_c2

17

© 1999, Cisco Systems, Inc.

PIX™ 515 Firewall New

• Dedicated appliance • Aggressively priced • Hybrid design Adaptive Security Algorithm (ASA) Cut-through proxy (patent-pending)

• High-performance Up to 128,000 simultaneous sessions Up to 170 Mbps throughput Up to 6,500 connections per second

• Low-profile chassis Single rack unit with up to six integrated 10/100 Ethernet ports 1113 0973_05F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

18

9

IOS Firewall Phase 2 New

• Initial support for 2600, 3600, 7100, 7200 platforms • Cut through proxy for user authentication and authorization • Embedded Intrusion Detection capability • Port application mapping • SMTP mail attack prevention • IP Fragmentation attack prevention • CBAC supported apps 1113 0973_05F9_c2

© 1999, Cisco Systems, Inc.

19

Challenges of Active Audit • Visibility into activity • Operational scalability • Signal to noise ratio • Reactive alarming and posture alteration • Update attack signatures

1113 0973_05F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

20

10

Active Audit Solutions • Proactive vulnerability assessment (security scanning) • Perpetually updated vulnerability database

New NetRanger Appliance

• Intrusion detection systems (IDS) • Products: NetRanger™ and NetSonar™ 1113 0973_05F9_c2

New NetSonar NT Version! 21

© 1999, Cisco Systems, Inc.

NetSonar 2.0

• Windows NT version • UDP port scanner • Vulnerability severity ratings • DNS name resolution • SNMP scanning module • Enhanced signature database • Web-based rules updates 1113 0973_05F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

22

11

Cisco End-to-End VPN Security DMZ VPN Client

Campus NetSona r

NetRange r

PIX Administrator Security Manager

CA/AAA

• VPN Security: User Authentication Firewalls Encryption Intrusion Detection Vulnerability Scanning VPN Client Software VPN Optimized and Integrated Routers Management 1113 0973_05F9_c2

Internet VPN IP-VPN

Cisco Router

Cisco 7100 Integrated VPN Router

Cisco VPN Optimized Router

Extranet Partner 23

© 1999, Cisco Systems, Inc.

VPN Requirements

Policy Management

Network Management

Core Networking Services Infrastructure: Platforms Appliances 1113 0973_05F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

End-to-End Networking

Network and Service Monitoring

Scalability

QoS

Open Architecture

Security

24

12

QoS in a VPN

ISP SP Network Functions

QoS Benefits for VPNs

• Adhere to SLA

CPE Functions • Packet classification • Packet marking • WAN-link bandwidth management • Measurement

1113 0973_05F9_c2

Throughput Latency Availability Control congestion

Make optimum use of VPN WAN link(s) Provide bandwidth and priority to mission-critical apps Control non-mission-critical applications Exploit differentiated services offered by Service Provider 25

© 1999, Cisco Systems, Inc.

Packet Classification

VPN Network Edge Packet Classifier

Customer Premise

Policy Specification • Committed Access Rate (CAR) • Up to six traffic classes via ToS precedence bits • Classification by Layer 3 address, Layer 4 port number, URL, application • Network or external assignment 1113 0973_05F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

26

13

Traffic Policing in a VPN

HQ or Remote Office Internet Traffic Policing

• Used to enforce a maximum transmit rate (rate limit) for IP traffic • Can be applied on input or output direction of an interface • Applied to user-selected traffic classes • Traffic that exceeds the rate is dropped or reclassified 1113 0973_05F9_c2

27

© 1999, Cisco Systems, Inc.

Network-Based Application Recognition • Enhances bandwidth management, providing stateful prioritization by:

New

True application type URL and sub-URL Dynamically assigned ports Mission-Critical

Campus

1113 0973_05F9_c2

Multimedia

WAN

applications use Multi-Service • Traditional static port assignments

Campus

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

• New applications (voice, video, web, ERP) use dynamic port assignments • NBAR monitors session activity based on stateful inspection and URL parsing • Dynamic packet classification is acted on by downstream QoS features • Modular Service Definition 28

14

Prioritizing VPN Traffic Flow-Based WFQ

New

Flow defined by packet type Source/Destination IP address Static port numbers Traffic assigned to queues based on flows Fair queuing, or relative bandwidth allocation

Class-Based WFQ Class defined by user. All voice traffic– traffic–1st class ERP– ERP –2nd class Web traffic– traffic–3rd class

Web ERP (20%) (30%)

Traffic assigned to queues based on class assignment

Voice (50%)

Traffic prioritization based on user-defined minimum bandwidth allocation % bandwidth kpps rate

1113 0973_05F9_c2

29

© 1999, Cisco Systems, Inc.

VPN End-to-End QoS New

• Enables classification for encrypted and tunneled VPNs • Supports ISP differentiated services offerings • Preserves QoS signaling end-to-end Tunneled and Encrypted Packet with QoS Preservation

Non-Classified Traffic ier sif s Cla 1113 0973_05F9_c2

Qo

Output Queuing ISP End-to-End

S

rk Ma

ing

ine ng E to yp Cr

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

30

15

IETF Diff-Serv Working Group • Redefining the IP type-of-service (ToS) byte into the Diff-Serv byte (“DS byte”) Signals what QoS to provide to the packet, thus identifying packets as belonging to one class or another

• Fostering common QoS behaviors in the SP network, such as Expedited forwarding—guaranteed bandwidth (minimum and maximum) for a traffic class Assured forwarding—four classes of forwarding priority, three drop classes within each

• Provides the basis for standards-based QoS in a VPN, end-to-end 1113 0973_05F9_c2

31

© 1999, Cisco Systems, Inc.

VPN Requirements

Policy Management

Network Management

Core Networking Services Infrastructure: Platforms Appliances 1113 0973_05F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

Scalability

Network and Service Monitoring

Open Architecture

QoS

End-to-End Networking

Security

32

16

Security Objectives DMZ

• Policy-based

Campus Network

• Centralized command and control

NetRanger

Internet Admin

Policy System CiscoSecure

• Secure component conversations

• High availability • Ease of use

PIX

Router

NAS

• Administrative roles and authentication methods

1113 0973_05F9_c2

Mobile User

NetSonar

• Integrated management of components

Remote Office Dial-in User

33

© 1999, Cisco Systems, Inc.

Security Policy Management Security Manager Policy-Based PIX Management

Delivered

• Visual security policy development environment • Scalable, network wide operations for Internet, intranet, and extranet topologies • Windows-based, manage from Win95/98/NT clients • Web reports integrate with CiscoWorks2000 1113 0973_05F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

34

17

VPN QoS Management Objectives • Prioritize business-critical applications

QoS Policy Server

• Provide centralized policy control

Catalyst 8510

• Enable enterprise-wide

Campus Backbone

• QoS services • Support feature-rich QoS mechanisms

• Integrate directory services in phases • Deliver enterprise scalability 1113 0973_05F9_c2

Catalyst 5509 with RSM

Cisco 7200 Router

Enterprise Enterprise Application Application Servers Servers

Enterprise Database Servers 35

© 1999, Cisco Systems, Inc.

QoS Monitoring 2H ’99

CW2000—CiscoView Complete Device Management • Monitor vital statistics per traffic class Throughput Queue latency Packet drops Rate limits Traffic policing

• Traffic distribution views of IP precedence or traffic class 1113 0973_05F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

36

18

QoS Policy Management

Delivered

QoS Policy Manager Application Aware Networking QoS Policy Server

• Translates application priority to QoS policy • Automates policy configuration and auditing • Configures rich set of QoS services

Catalyst 8540 Campus Backbone Cisco 7200 Router

• Web-based reporting and device import integration with CW2000 1113 0973_05F9_c2

Enterprise Application Servers

Enterprise Database Servers 37

© 1999, Cisco Systems, Inc.

Service Monitoring Delivered

CW2000—IPM V2.0 Validate Network Service Levels • WAN troubleshooting Measures hop-by-hop response time and availability Provides real-time and historical reports

• Service management agent embedded in Cisco IOS Cost effective deployment throughout the network 1113 0973_05F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

38

19

Automated Cisco IOS Configuration

Delivered

CW2000—ACL Manager Automates Cisco IOS Service Creation • Web-based application for all IOS platforms • Extremely Scalable, network-wide operations • Dramatically reduce the time to design, implement, and deploy • Templates of policy for consistent deployment 1113 0973_05F9_c2

39

© 1999, Cisco Systems, Inc.

VPN Building Blocks

Policy Management

Network Management

Core Networking Services Infrastructure: Platforms Appliances 1113 0973_05F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

Scalability

Network and Service Monitoring

Open Architecture

QoS

End-to-End Networking

Security

40

20

Enterprise VPN Router Requirements Core

VPN Optimized Routers Cisco 7200 VXR

Cisco 7500 Cisco 7500

Cisco 7200 Cisco 7200VXR Cisco 7200

Density

Cisco 3600 Cisco 2600

Cisco 3600

Cisco 7100 Series VPN Router

Cisco 2600

Dedicated VPN

Cisco 1720

Branch

VPN—Optimized Routers • High density • High modularity and flexibility • Robust VPN services for hybrid private/VPN environments Cisco 7100 Series Integrated VPN Router • Low WAN Density for VPN topologies • Robust VPN services • Focused I/O

Cisco 800

Services Performance 1113 0973_05F9_c2

© 1999, Cisco Systems, Inc.

41

VPN Optimized Routers Cisco 800 Series • ISDN access for telecommuters and small office • Integrated firewall • IPSec (2H ’99) • Four ISDN/Ethernet models: Four-port Ethernet hub Dual telephone analog ports North American and worldwide models

• Fixed configuration • Cisco IOS technology 1113 0973_05F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

42

21

VPN Optimized Routers Cisco 1720 VPN Router • VPN access Cisco IOS technologies Security, QoS, management, reliability/scalability RISC processor for encryption performance IPSec DES encryption at 512 kbps, 256-byte packets Future hardware-assisted encryption @ T1/E1

• Flexibility Autosensing 10/100 Fast Ethernet + two WIC slots + AUX port Any combination of current 1600 WICs and 2600 dual serial WICs

• Network device integration Router—firewall—encryption—VPN tunnel server-DSU/CSU-NT1 Part of Cisco Networked Office stack 1113 0973_05F9_c2

© 1999, Cisco Systems, Inc.

43

VPN-Optimized Routers Cisco 2600 • Power Branch: RISC processor • Multiservice: data, voice, video • Modular: network module slot, two WAN Interface Card (WIC) slots, one AIM slot • Ethernet, Token Ring, mixed LAN, and 10/100 Fast Ethernet models • HW encryption AIM, H2 ’99 • Compression AIM • Optional integrated firewall 1113 0973_05F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

44

22

VPN-Optimized Routers Cisco 3600 • Power branch/regional: RISC processor • Multiservice: data, voice, video

Cisco 3640

• Modular: 2/4 network module slots (NM), WAN Interface Cards (WIC) • Ethernet, Token Ring, mixed LAN, and 10/100 Fast Ethernet NMs • Multi T1/E1 HW encryption NM, H2 ’99

Cisco 3620

• Compression NM • Optional integrated firewall 1113 0973_05F9_c2

45

© 1999, Cisco Systems, Inc.

Introducing the Cisco 7100 Series Integrated VPN Router Comprehensive, Integrated High-End VPN Solutions

Feature Rich Routing

Optimized for VPN

Rich VPN Services

• Industry leading routing

• Integrated LAN/WAN • Range of WAN services • Single/dual homed configurations • Extensibility

• Security/tunneling/ high-speed encryption • Firewall and intrusion detection • Advanced bandwidth management • Service level validation

World-class Cisco IOS

• Fast layer 3 routing RIP, OSPF, EIGRP, BGP, NHRP, IGRP

• VPN management 1113 0973_05F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

46

23

Cisco 7100 System Highlights Performance

Expansion Slots

• RISC MIPS processor for high throughput and rich VPN services • Modular VPN services processing architecture

• Port adapter slot for LAN/WAN extensibility with Cisco 7XXX series PA • VPN Service Module slot for IPSec DES/3DES acceleration to 90+Mbps

Extensive Memory

Integrated I/O

• 64 MB of system memory for reliable, high-speed services delivery--upgradeable to 256 MB • 64 MB of packet memory for advanced bandwidth management and high latency networks • 40 MB flash memory —upgradeable upgradeable to 110 MB

• • • • •

1113 0973_05F9_c2

Dual auto-sensing 10/100 Fast Ethernet 4 port serial Single or dual port T3/E3 serial or ATM Single port OC3 SM Dual OC3 MM ports

47

© 1999, Cisco Systems, Inc.

Cisco 7200 VXR Multifunction VPN-Optimized Router Hardware Acceleration for Encryption and Compression

Up to 6 High-Speed LAN/WAN Port Adapters

Integrated Multiservice Switching for Voice/Video/Data VPNs

High Speed Security, QoS and Tunneling 1113 0973_05F9_c2

Integrated Firewalling

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

48

24

IPSec Acceleration

• Integrated IPSec encryption and IP compression • VIP-distributed Crypto engine per VIP on 7500

• 7200/7500 hardware accelerator DS3 full duplex 3-DES 2000 tunnels per adapter

• Targets VIP Distributed mid ’99 Hardware acceleration mid ’99 (7200/7500) 1113 0973_05F9_c2

49

© 1999, Cisco Systems, Inc.

Putting it All Together Regional Sites Branches SoHo Telecommuters Mobile Users

Campus Infrastructure Service Provider Infrastructure

Partners

• Extensive security Customers

• Rich quality of service • Service monitoring and audit • Multiservice integration • Integrated policy management • Wide range of platforms and appliances 1113 0973_05F9_c2

• Open standards • Scalability • End-to-end networking

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

50

25

Technology Partners Service Providers

Technologies

Servers

Internet Applications

1113 0973_05F9_c2

System Integrators

51

© 1999, Cisco Systems, Inc.

VPN Deployment Options Increasing Enterprise Network Role

90%

50%

10%

Network manager

Network manager

Net manager

•• Buys Buys products products from from VPN VPN vendor vendor

•• Provides Provides ongoing ongoing application application and and configuration configuration management management and and help help desk desk support support

•• Administers Administers security security server server

•• Manages Manages network network

Service provider Service provider •• Supplies Supplies basic basic Internet Internet access access

10%

•• Supplies Supplies VPN VPN equipment equipment and and adds adds QoS QoS to to bandwidth bandwidth offering offering

50%

Service provider •• Supplies Supplies complete complete VPN VPN solution, solution, including including service, service, training, training, and and help help desk desk

90%

Increasing Service Provider Role Source: Infonetics, 1997

1113 0973_05F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

52

26

Choosing a Service Provider

Over 120 Certified Service Providers Worldwide

1113 0973_05F9_c2

53

© 1999, Cisco Systems, Inc.

VPNs From CPNs

• @Home, Infornet, Pilot Network Services, BellSouth, Ameritech, Hong Kong Telecom, IXC Communications, Swisscom, TopNet AG, Equant, WorldCom, US West, GlobalOne, KPN, Telemedia International…

1113 0973_05F9_c2

© 1999, Cisco Systems, Inc.

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA. Presentation_ID.scr

54

27

Service Level Agreements

• Typical service level agreement* Overall network availability

99.7%

Dial port availability

99.5%

End-to-end latency

150 ms roundtrip

Local loop availability

99.7%

Packet loss