Avici takes peering, DoS defense to the edge
NORTH BILLERICA, MASS. - In an effort to broaden the application and revenue opportunities of its Internet core routers, Avici Systems last week unveiled software designed for aggregating lower-speed links and peering between service providers' networks.
The software, IPriori 4.2, now includes features specific to aggregation and peering functions closer to the network edge, such as packet accounting, filtering and quality-of-service marking capabilities. The software is intended to reduce the number of devices required in service provider points of presence for edge aggregation, which will let users better defend against denial-of-service (DoS) attacks, Avici says.
Avici's forte has been core routing, which operates in the OC-48 to OC-192 range. With IPriori 4.2, Avici is looking to make an impact in the lower-speed arena of OC-3, OC-12 and Gigabit Ethernet.
Avici also released a new eight-port Gigabit Ethernet module for its routers that's designed to take advantage of the new software. This module - along with an existing 16-port OC-3 card for Avici's routers - lets the vendor offer densities of 320 Gigabit Ethernets and 640 OC-3s per 7-foot rack.
But densities like that mean nothing without software. IPriori 4.2 runs on Avici's Terabit Switch Router (TSR) and Stackable Switch Router (SSR) platforms. Key features include NetFlow+, port mirroring and packet filtering, which are designed to let carriers perform diagnostic traffic analysis and provide protection for their networks from attacks.
NetFlow+ is a packet accounting and billing capability that ostensibly is compatible with Cisco's NetFlow packet accounting technique. This may give carriers currently deploying Cisco routers for aggregation and peering incentive to consider Avici's TSR and SSR.
"NetFlow is a key differentiator" for Avici, says Chris Nicoll, an analyst with Current Analysis. "It helps [IPriori] 4.2 make a strong statement to say, 'If it's a Cisco network, we can slip in there.'"
Cisco owns about 80% of the market for 1G to 9G bit/sec routers used for IP aggregation and peering, and about 73% of the market for higher-class systems, according to Dell'Oro Group. Nicoll says loosening Cisco's stranglehold on the market will be Avici's biggest challenge with IPriori 4.2.
Meanwhile, the software's port-mirroring capability copies traffic to a predefined port for inspection. The entire packet can be viewed with an analyzer to determine if a DoS attack is under way, Avici says.
Packet filtering rests on IPriori 4.2's ability to establish 2,000 access control lists (ACLs) per module, which equates to 80,000 ACLs per TSR and 40,000 per SSR. With this capability, carriers that peer their networks can filter traffic based on source/destination addresses, TCP/User Datagram Protocol (UDP) port numbers, and protocols to determine whether packets should be forwarded, discarded or mirrored for further inspection.
IPriori 4.2 and the eight-port Gigabit Ethernet card are available now. Pricing was not disclosed.