The BANDIT™ stands for Broadband Access Network Device for Intelligent Termination. “Broadband” is defined as agnostic to different broadband access methods, such as xDSL, cable, T1, and wireless network link. “Intelligent,” in this context, refers to multi-function customer premises equipment (CPE) that supports IP routing, Virtual Private Network (VPN) gateways, IPsec security, legacy data protocols (ALC, bisync, X.25, SDLC, etc.), and dial backup.
The BANDIT™ is a single, multi-function CPE that replaces the need for multiple single-function units. Its capabilities and features include IP routing (static, RIP V1/V2), FRAD, IPsec VPN gateway, built-in firewall, NAT, DHCP, support for legacy data protocols (SDLC, X.25, ALC, polled async, and bisync), and dial backup.
The BANDIT™ is the ideal solution for enterprise customers, carriers, and vertical markets. Enterprise customers are attracted to its robust feature set and strong price/performance/functionality ratio. Carriers benefit when migrating their Frame Relay networks to support other value-added services, such as broadband and IP-based VPNs. Vertical markets, such as the transportation and banking industries, can quickly and easily migrate their legacy systems and specialized protocols to standards-based IP networks.
Given its flexible architecture and the rich feature set, the BANDIT™ supports a wide range of applications that fit the requirements of different categories of customers (e.g., enterprise and carrier). The key applications are:

  • Broadband connectivity for remote/branch office over public IP and Frame Relay networks
  • Encryption for IP VPNs and built-in firewall functionality
  • Migration of legacy data networks to IP based infrastructure
  • Dial backup capability for load sharing and disaster recovery
  • Managed router services that can be configured and managed remotely from a carrier’s centralized network operation center (NOC)
The BANDIT™ terminates up to 30 separately encrypted tunnels at one time. A hardware accelerator for encryption ensures that there is no reduction in throughput, even when all tunnels are active.
No. the BANDIT™ supports standards-based IPsec encryption using Data Encryption Standard (DES) and triple-DES (3DES). The BANDIT™ interoperates with other standards-compatible IPsec software clients, as well as other vendors’ VPN gateways. This flexibility allows carriers and enterprise customers to deploy a wide variety of network technologies and topologies to meet every need for secure communication over the Internet.
The BANDIT™ provides several security features that work together to protect customer networks and IT assets. IP-based, encrypted tunnels leave hackers little opportunity to break into the Intranet. Also, authentication, access control lists (ACLs), and IP address filtering ensure access from and to only authorized and trusted locations. In addition, dynamic network address translation (NAT) and DHCP not only provide a different kind of protection, but are also used in tandem to enhance the security of encrypted tunnels.
The BANDIT™ supports several authentication protocols such as PAP, CHAP, and HMAC MD-5 /HMAC SHA-1. In addition, the BANDIT™ supports both IKE and ISAKMP key exchange protocols that are based on RSA certificates (public keys).
A wide range of legacy data protocols perfected in Encore Networks’ earlier line of Frame Relay Access Devices (FRADs) is the basis of the BANDIT™ product. Terminals and hosts using Airline Link Control (ALC); asynchronous and synchronous polled protocols such as IBM’s SDLC and bisync; and X.25 packet switching can communicate over the Internet through the same encrypted tunnels used by IP or over Frame Relay networks.
The BANDIT™ contains an integral V.90 modem that can dial out or accept calls on a standard voice-grade phone line. Typically, the BANDIT™ recognizes the loss of the DSL service, cable modem, or other primary line, and calls a Remote Access Server (RAS) in much the same way a PC calls into an Internet Service Provider (ISP). In fact, the call may be placed to an ISP, or to a RAS owned by the user’s organization. The routing function in the BANDIT™ identifies the new path, DHCP obtains an IP address for the duration of the backup connection, and traffic resumes automatically within a short period of time. If the RAS supports compression, the internal modem negotiates to turn it on for the session, potentially doubling the throughput of a connection.
The BANDIT™ includes a comprehensive set of network management capabilities, diagnostics features, and plug-and-play configuration functions that simplify deployment and keep overall operating expenses low.

The intuitive menu-driven craft interface makes configuration a snap and reduces the need for training. The operator picks the next step with one key stroke. Only those few parameters that are unique to each device, such as its name, require typing. There are no commands to learn. The same interface is accessible from a terminal on the dedicated serial port, via Telnet, or through the integral modem port.

Three levels of passwords restrict a user to read-only privileges or limited control, or allow full control, regardless of the access method. Full SNMP support eases integration with existing Office System Solution (OSS) systems. Also, guaranteed delivery of critical SNMP trap messages ensures that important event reports are preserved during network outages.

Remote diagnostics include traffic monitoring on any port, extensive statistics, data-scope analysis of protocols, and test configurations, such as loop-backs. All management functions are controllable from the NOC.

None. In fact, the BANDIT’s architecture is fully symmetrical. That is, any port may be configured for any purpose. For example, the serial port can emulate a terminal controller with a polled async protocol, or it can operate at 2 Mbps on an IP/PPP link to the Internet. It is possible to configure the modem port as the primary network link. This flexibility allows a user with a BANDIT™ in a regional office to set up encrypted tunnels to dozens of smaller office branches, mobile workers, or home offices. Users at the remote sites can communicate not only with the regional office, but also with any other location that has an encrypted tunnel established. The BANDIT™ switches or routes traffic amongst the tunnels it terminates.

The BANDIT™ comes standard with two Ethernet LAN ports, and a V.90 modem port for dial backup. Two optional serial ports, available separately, provide support for legacy data support, as well as T1 and fractional T1 termination via built-in CSU capability.
The BANDIT’s pricing depends on the configuration and on the customer’s application. Please contact your Encore Networks sales representative for more information.
To discuss BANDIT™ pricing options and details about placing an order, call Encore Networks at 703- 318-7750, or send an email to sales@encorenetworks.com

Satellite FAQ

Encore Network’s patented breakthrough SLE™ is a feature that improves the performance of IP Virtual Private Network (VPN) services over satellite networks.
SLE™ enables data encryption above the TCP/IP layers. Specifically, it enables interoperability with enhanced satellite link protocols, mitigating the long propagation delay characteristics associated with satellite networks and resulting in significant performance improvements of IP VPNs over satellite links.
You configure SLE™ tunnels in the same way as standard IPSec tunnels. The data above TCP layer is encrypted using the negotiated encryption algorithms and dynamic keys.
SLE™ enables you to encrypt selective TCP traffic by defining the policy rules according to your requirements. You can set the policy rules to expose or encrypt applications that operate above the TCP layers (e.g., HTTP, Telnet, FTP, etc.). SLE™’s flexible design makes it is easy to add and set other Layer 4 protocols to the same scheme already defined.
To date, Encore has successfully tested the BANDIT™ with Hughes modems; however, the design is open to other satellite modems as well.
There is no separate charge for the SLE™ support in the BANDIT™. SLE™ will be included as a standard BANDIT™ feature with Software Release 2.
To discuss BANDIT™ pricing options and details about placing an order, call Encore Networks at 703- 318-7750, or send an email to sales@encorenetworks.com

Signaling FAQ

The SignalPath™ Signaling Gateway is a line of advanced signaling protocol converters designed to resolve protocol incompatibilities that exist between communications networks. The combined product line, which includes the SP230, SP201, and SP201-SA products, can collectively handle conversions for SS7, C7, C5, PRI ISDN, NI2 ISDN, R1, R2, DTMF,and SGCP, as well as a large number of custom protocol variants.
In-band signaling: A signaling method in which network control and call setup signals are sent over the same path as the user’s transmission. With inband call setup signals occupying the communications pathway, transmission of the user message must wait until the call setup process is completed.

Out-of-band signaling: A signaling method in which network control and call setup signals are sent over a separate digital channel, called a signaling link. This method allows for the transport of more data at higher speeds since setup signals and transmission of user messages can be sent simultaneously.

The SP230 has a modular design, with a capacity of up to 52 E1 or T1 interfaces, allowing users to scale the product to fit small or large applications while incurring a low upfront investment. Depending on the software loaded on the card(s), it can handle conversions for SS7, C7, PRI ISDN, NI2 ISDN, CAS (R1, R2, DTMF), and SGCP.

The SP201 features a compact 1U height designed for budgeted space, with a capacity of up to 4 E1 or T1 interfaces on one Aggregate Card for the customer with low-end requirements. Depending on the software loaded on the one card, it can handle conversions for SS7, C7, PRI ISDN, NI2 ISDN, or CAS (R1, R2, DTMF).

The SP-201-SA is a very small, economical unit that provides one T1 or E1 trunk connection for protocol conversions between CAS (R1, R2, DTMF) and ETSI PRI ISDN or NI2 ISDN networks. It was developed specifically for PBX, IP-PBX, and video-conferencing applications.

  • C7 refers to the Signaling System No. 7 specified by ITU-T recommendations.
  • For the Integrated Services User Part (ISUP), these recommendations are Q.767, Q.701- Q.704, Q.705, Q.708, Q.709, Q.780- Q.782, Q.784, and Q.788.
  • SS7 refers to the Signaling System No. 7 specified by BellCore TR-NWT-00264, ANSI T1.111a, T1.112, T1.113a, T1.114, T1.116, and T1.234-T1.236.
  • The SP230 supports up to 52 SS7 links per chassis.
  • The SP201 supports up to 4 SS7 links per chassis.
  • The SP230 supports up to eight E1 or T1 trunks per Aggregate card, or up to 104 full duplex trunks, per chassis.
  • The SP201supports up to four E1 or T1 trunks, or eight full duplex trunks, per chassis.
  • The SP201-SA supports one T1 or one E1 trunk, bi-directionally.
  • The SP230 supports up to 248 channels per Aggregate Card (AGC), or up to 3,224 channels per chassis. Each chassis can contain up to 13 AGCs.
  • The SP201 supports up to 31 channels per trunk, or up to 248 channels per chassis.
  • The SP201-SA supports up to 30 channels per chassis.
This depends on the application. For an ANSI SS7 to ITU-T SS7 conversion, the bearer traffic needs to pass through the SignalPath 230 only if T1 to E1 rate conversion is required. For an R2 and PRI ISDN to SS7 conversion, the bearer traffic must pass through the SignalPath for the conversion to be properly handled.
You can configure the SS7 channel for either 56 kbps (T1) or 64 kbps (E1).
Can it be mapped to a port? You can configure the appearance of the SS7 channel on any one of the timeslots in the T1 link or in timeslots 1–31 in the E1 link using either the command console interface or the System Controller Module. Timeslot 0 is reserved for framing per G.703/704 ITU-T requirements.
A complete list of country protocols and variants we support is available under Country List.
No. T1 to E1 rate conversion is performed within the same modules that handle protocol conversion.
You can perform system provisioning locally or remotely through the System Controller Module.
The SP230 supports redundancy. You can order additional power supplies, alarm cards, provisioning System Controller cards, and signaling links to provide redundancy.
The standard delivery is 30 days (typically less) ARO for an off-the-shelf product. If additional work is required to add a new protocol variant, the delivery timeframe increases proportionally to the amount of time required to implement the new variant. We can provide a firm delivery commitment upon review of the line and register signaling specifications for your specific application.

Technical Bulletin – Configuring EN-1000™ / EN-2000™ Pass-Through Mode