CoSine IPSG ™ and IPSG+

CoSine IPSG and IPSG+
Offer Compelling Network-Based IP Services
The IP Service Generator (IPSG™) and the IPSG+™ are self-contained
service modules built to deliver highly desirable, network-based IP
services at multi-gigabit wire speeds. Both modules occupy dual slots
within the IPSX 9500™ and IPSX 3500™ Service Processing Switches,
empowering you to offer a wide array of compelling network-based
IP services that go beyond basic routing and site-to-site Virtual
Private Network (VPN) services.
With the IPSX switch and the powerful IPSG/IPSG+, you can offer
a multi-tiered service package from a single network
connection. Because the IPSG and IPSG+ leverage a virtualized
and distributed architecture, you can rapidly and cost
effectively create and deliver processor-intensive services—
without affecting performance or scale.
In contrast, edge routers, constrained by a centralized
processing architecture and legacy software, are unable to
deliver more than one major service on an entire platform.
• Accelerates carrier revenue Services such as firewall, remote access VPNs and scalable
• Scales service processing
DSL Network Aggregation (DNA) are available on a single
IPSG/IPSG+ and provide additional revenue opportunities, so
• Delivers multi-gigabit
you can thrive in a highly competitive market. To deliver this
wire-speed performance
same level of service with a traditional edge router, you
• Leverages hardware
would need to deploy multiple boxes—in many cases, these
boxes would be pieced together from multiple vendors'
The silicon enhancements to the IPSG+, combined with the
powerful new software capabilities in CoSine’s Linux-based IP
Network Operating Systems (IPNOS™) management system,
boost performance to unprecedented levels and increase
subscriber capacity. These enhancements reduce the cost per
subscriber and enable you to continually add new marketdriven services. In turn, global 500 companies are turning to
network-based services because it provides them with increased
service options while enabling reduced IT infrastructure expenses
in today’s challenging economy.
Innovative IP
Service Generators
Virtualized Architecture Enables Profitable IP Services
The IPSG/IPSG+ works in unison with the IPNOS management system to virtualize
routing and service elements while making optimal use of processing resources to
drive scalability and performance. Based on virtual routing technology, the
IPSG/IPSG+ and IPNOS make it possible to dedicate routing resources for each
subscriber network. The IPSG/IPSG+ solution distributes processing and
forwarding, providing the resources needed to isolate and deliver multiple
subscriber services with high reliability and performance.
Each Virtual Router (VR) is a fundamental building block for a subscriber network,
logically separating resources to ensure the security and integrity of the
connection. The VR carries a unique combination of market-driven services that
enables you to offer enterprise customers more than just basic routing or VPN
service. These services are distributed across routing engines and are hardwareaccelerated for wire-speed performance. Additionally, enhancements to the
IPSG/IPSG+ architecture provide the added benefit of optimizing dynamic
connections for the rapid set-up and teardown of broadband networks. The
complete portfolio of market-driven services include:
• VPNs: Site-to-site (IPSec, MPLS, L2TP, PPTP) and remote access
• ICSA-certified CoSine-originated IP Stateful Firewall (IPSF™)
• Frame Relay integration: IP-enabled Frame Relay, Frame Relay to IPSec
• Network Address Translation (NAT) and Port Address Translation (PAT) with
IPSec Network Address Translation Traversal (NAT-T) (IPSG/IPSG+)
• DoSShield™: Denial of Service (DoS) protection
• Extranets
• Public Key Infrastructure (PKI) Certificate Authorities (CAs)
• IP Class of Service (CoS) and Quality of Service (QoS)
er Net
Sub ev
D ice
ner 2
g Part
rer 1
to Man
ner 1
g Part
urer 2
Virtual Router
Tunnel Termination
Auto M
DSL Network Aggregation (DNA) Example
Scalable Service Processing Reduces Cost Per Subscriber
The IPSG+ is the industry’s first service module to scale IP services to the levels required
for applications such as DNA. With the IPSG/IPSG+, you can cost-effectively offer service
to tens of thousands of enterprises and end users from a single blade.
This scalability is made possible by the innovative architecture of the IPSG/IPSG+, which
efficiently applies the processing resources needed to generate a wide array of IP
services. A single IPSG/IPSG+ operates as a complete system with forwarding, routing
and IP services. Application-tailored engines connect to the IPSG/IPSG+ fabric,
contributing the powerful computing resources for delivering multiple services.
To achieve services at multi-gigabit wire-speeds, all system elements along the packet
data path are designed with high-bandwidth streaming interfaces. IPNOS provides the
framework for intelligent management of all hardware and software resources.
When combined, these elements enable the IPSG/IPSG+ to deliver IP services at a
capacity that is unrivaled in the industry.
The IPSG/IPSG+ Architecture Scales Service Delivery to the
Industry's Highest Levels
Powerful Multi-Gigabit Wire-Speed Performance
Designed to leverage the virtualization of IPNOS, the highly-distributed IPSG/IPSG+
hardware architecture features the Virtual Routing Engine (VRE/VRE+) and the
Advanced Security Engine (ASE). These two modular application-tailored engines
provide the processing power and unique intelligence to drive multi-gigabit rate
service delivery.
Virtual Routing Engine (VRE/VRE+): The VRE/VRE+ enables packet classification, deep
packet inspection and service customization for one million Access Control List (ACL)level flows. Subscriber and service provider routing are handled on separate VREs/VRE+
components within the same IPSG/IPSG+, further enhancing performance and
scalability. The VRE/VRE+ also performs high-end computing techniques that optimize
network-based performance for leading third-party applications.
Advanced Security Engine (ASE): The ASE rapidly accelerates encryption/decryption
processing for IPSec site-to-site and dial VPNs. Unlike edge routers that are constrained
by a Central Processing unit (CPU) and memory, the IPSG family features onboard
memory and processing elements. Both the IPSG and the IPSG+ work cooperatively
with IPNOS to dynamically allocate routing and computationally-intense services to the
best available hardware resources. Because processing elements and distributing
functions are partitioned across multiple application-tailored engines, the services and
functional requirements of access and trunk environments are unified in the same
architecture. So while competitive service cards offer a simple line interface, the
IPSG/IPSG+ is essentially a complete switch within a switch. Additionally, the modular
engine design makes it possible to modify individual IPSG/IPSG+ configurations as
service requirements change, extending the lifecycle of your technology investment.
IPSG/IPSG+ Connectivity Options
Flexible, Cost-Effective Connectivity
The modular design of the IPSG/IPSG+ provides flexibility within a single IPSG/IPSG+ to
support many different interface types and a variety of customer requirements. This
design is a more cost-effective solution than purchasing separate line cards, allowing
you to leverage the full processing power of the IPSG/IPSG+ across many interfaces.
Connectivity ports are available in two form factors: line interfaces that are built in as
part of the base configuration and network modules that can occupy several
IPSG/IPSG+ slots. A single IPSG/IPSG+ can support one line interface and up to three
network modules. Combining line interface and network module form factors results in
higher port densities.
Enable the Convergence of Subscriber Management
Massive Processing Power and Hardware Acceleration: Because IP services are
computationally intense, the IPSG/IPSG+ leverages the highest performance embedded
multi-processor in the industry—the 700 MHz IBM® PowerPC 750FX, as well as CoSine’s
fully-programmable IP services silicon. Each CPU delivers the highest levels of
processing capability, ensuring that all services are operating at optimal performance
levels. Hi/fn 7851 encryption accelerators and Hi/fn 6500 public key accelerators
perform the encryption/decryption and authentication processes integral to delivering
security services. CoSine’s IP service silicon maximizes the overall efficiency of the
IPSG/IPSG+ by using high-end computing techniques to offload regularly computed
and memory-intensive IP service functions from the IPSG/IPSG+ CPUs. This process frees
CPU processing power and memory for application-layer packet processing.
Additionally, CoSine’s silicon is designed for programmability, preserving your
investment while providing a migration path to future capabilities.This custom silicon
enables the industry’s highest aggregate service processing rates, culminating in
application service customization at the user level without performance degradation.
The resulting capability allows you to offer tiered services with varying Service Level
Agreements (SLAs).
Per IPSX 3500
Per IPSX 9500
Line Interfaces
1-port Gigabit Ethernet
1 port
3 ports
12 ports
1-port OC-12/STM-4 POS
1 port
3 ports
12 ports
4-port OC-3/STM-1 POS
4 port
12 ports
48 ports
9-port DS3c/DS3UNI/E3UNI
9 ports
252 T1s
3,072 DS0s
27 ports
756 T1s
9,216 DS0s
108 ports
3,024 T1s
36,864 DS0s
1-port Gigabit Ethernet
3 ports
9 ports
36 ports
4-port OC-3/STM-1 ATM
12 ports
36 ports
144 ports
4-port OC-3/STM-1 Channelized
12 ports
36 ports
144 ports
1-port OC-12/STM-4 ATM
3 ports
36 ports
9 ports
Advanced Subscriber Management (ASM) presents a new service paradigm that
supports advanced connectivity and bundled service options across your portfolio of
access technologies. The IPSG architecture allows you to offer ASM capability in the
most flexible manner possible.
The modular design of the IPSG architecture supports today’s requirements for dynamic
subscriber provisioning and service creation. The platform supports efficient scaling to
tens of millions of subscribers for large network deployment. Each IPSG supports multigigabit subscriber termination capabilities, providing unmatched platform density.
Processing power is increased incrementally each time an IPSG is added to an IPSX
Network Modules
The IPSX platform is also highly fault tolerant to support nonstop operation for its many
thousands of subscribers. Continuous forwarding and control plane redundancy
prevents exposure of subscriber control systems and eliminates the need to reestablish
subscriber sessions.
CoSine IPSG and IPSG+
Innovative IP
Service Generators
Features and Specifications
Security Services
Authentication, Authorization and Accounting
• Static routes
• RIP v1 (RFC 1058), RIP v2 (RFC 2453)
• OSPF v2 (RFC 2328)
• BGP-4 (RFC 1771)
• MP-BGP (RFC 2858)
• IS-IS (RFC 1142)
• ECMP routing
• Policy-based forwarding
• Private addressing (RFC 1918)
• NAT, NAT-T (RFC 2663)
• IGMPv2 proxy (RFC 2236)
• ICSA-certified firewall
• IPSec support (RFCs 2401-2412): IPSec compression,
Authentication Header (AH) (RFC 2402), Encapsulating
Security Payload (ESP) (RFC 2406), Internet Key Exchange
(IKE) (RFC 2409)
• Encryption: RC4, DES and 3DES (RFCs 1829, 1851)
• Support for VeriSign®, Entrust®, Baltimore™, Netscape®
and other PKCS #10 compliant Certificate Authorities
• Private addressing (RFC 1918)
• DoSShield for DoS protection
• ACLs
• RADIUS (RFC 2138, 2139)
• X.509 Digital Certificates
• RSA SecurID Tokens
• LDAP (RFC 2251)
Layer 2 Encapsulations
• VLAN IEEE 802.1q
• PPP (RFC 1661)
• MultiProtocol over Frame Relay (RFC 2427)
• Frame Relay UNI (FRF.1) HDLC, ATM PVC, MLPPP
(RFC 1990)
MultiProtocol Label Switching (MPLS)
• Tag Switching (RFC 2105)
• Traffic Engineering (RFC 2702)
• MPLS architecture (RFC 3031) and related IETF drafts
• Explicit, best effort (SPF) and dynamic (CSPF) routes
• Label Stack Encoding (RFC 3032)
• OSPF, IS-IS traffic engineering extensions
• RSVP-TE, LDP (RFC 3036)
• BGP/MPLS VPNs (RFC 2547)
• Layer 2 MPLS VPNs (Martini, related IETF drafts), VPLS
Tunneling Support
• Fully meshed site-to-site IPSec VPNs
• Dial tunnel termination: PPTP, IPSec, L2TP, GRE
• IPSec dial client support for CoSine VPN client and
Windows® 2000/XP, L2TP Network Server (LNS)/L2TP Access
Concentrator (RFC 2661), L2TP tunnel switching
• IPass™ global VPN roaming support
Fujitsu Network Communications Inc.
2801 Telecom Parkway, Richardson, TX 75082
Tel: 800.777.FAST
Fax: 972.479.6900
Regulatory Compliance
• EMC Emissions
• EMC Immunity
• Safety
FCC Part 15 Class A
CE Mark
UL 1950
CSA 22.2-No.950
Quality of Service (QoS)
• IPv4 TOS, DiffServ marking per VR, per VI, per ACL
• DiffServ PHB: EF, AF
• VI burst rate control
• IP traffic policing
• Metering and marking based on dual token bucket
(RFC 2698)
• Eight strict priority and WRR queues per logical interface
and on the midplane
• DiffServ mapping to MPLS FECs
• CoSine IPNOS
• CoSine InVision™ SMS
• CoSine InGage™ CNM system
• SNMP v2c (RFC 1902)
• Out of band through RS-232 synchronous port
• Telnet
Power Consumption/Heat Dissipation
• Power Consumption
• Heat Dissipation
600 W
5100 BTU
Operating Environment
Frame Relay Integration Services
• IP-enabled Frame Relay
• Frame Relay to IPSec interworking
• Temperature
• Humidity
0 to 40° C (32° to 104° F)
10 to 90% (non-condensing)
Physical Characteristics
Secure DSL Services
• Dimensions (H x W x D)
• PPP over Ethernet (RFC 2516)
• PPP over ATM (RFC 2364)
• PPP over FR (RFC 1973)
• IP over ATM (RFC 1483), bridged and routed
• PPP terminated aggregation
• DHCP Relay (RFC 2131), automatic session detection
• Weight
15.5 x 10.125 x 2.5”
(394 x 257 x 64 mm)
11.5 lb (5.2 kg)
Features and Specifications subject to change without notice.
© Copyright 2004 Fujitsu Network Communications Inc. All rights reserved.
FASST (and design)™ is a trademark of Fujitsu Network Communications Inc. (USA).
FUJITSU (and design)® and THE POSSIBILITIES ARE INFINITE™ are trademarks of Fujitsu Limited.
All other trademarks are the property of their respective owners.
Download PDF