Encore Networks

Frequently Asked Questions - BANDIT™

1. What is a BANDIT?
The BANDIT™ stands for Broadband Access Network Device for Intelligent Termination. "Broadband" is defined as agnostic to different broadband access methods, such as xDSL, cable, T1, and wireless network link. "Intelligent," in this context, refers to multi-function customer premises equipment (CPE) that supports IP routing, Virtual Private Network (VPN) gateways, IPsec security, legacy data protocols (ALC, bisync, X.25, SDLC, etc.), and dial backup.

2. What does the BANDIT™ do?
The BANDIT™ is a single, multi-function CPE that replaces the need for multiple single-function units. Its capabilities and features include IP routing (static, RIP V1/V2), FRAD, IPsec VPN gateway, built-in firewall, NAT, DHCP, support for legacy data protocols (SDLC, X.25, ALC, polled async, and bisync), and dial backup.

3. What is the BANDIT's target market?
The BANDIT™ is the ideal solution for enterprise customers, carriers, and vertical markets. Enterprise customers are attracted to its robust feature set and strong price/performance/functionality ratio. Carriers benefit when migrating their Frame Relay networks to support other value-added services, such as broadband and IP-based VPNs. Vertical markets, such as the transportation and banking industries, can quickly and easily migrate their legacy systems and specialized protocols to standards-based IP networks.

4. What are the key applications the BANDIT™ supports?
Given its flexible architecture and the rich feature set, the BANDIT™ supports a wide range of applications that fit the requirements of different categories of customers (e.g., enterprise and carrier). The key applications are:

  • Broadband connectivity for remote/branch office over public IP and Frame Relay networks
  • Encryption for IP VPNs and built-in firewall functionality
  • Migration of legacy data networks to IP based infrastructure
  • Dial backup capability for load sharing and disaster recovery
  • Managed router services that can be configured and managed remotely from a carrier's centralized network operation center (NOC)

5. How many simultaneous tunnels does the BANDIT™ support?
The BANDIT™ terminates up to 30 separately encrypted tunnels at one time. A hardware accelerator for encryption ensures that there is no reduction in throughput, even when all tunnels are active.

6. Do I need to have a BANDIT™ at both ends of a network to support IP encryption?
No. the BANDIT™ supports standards-based IPsec encryption using Data Encryption Standard (DES) and triple-DES (3DES). The BANDIT™ interoperates with other standards-compatible IPsec software clients, as well as other vendors' VPN gateways. This flexibility allows carriers and enterprise customers to deploy a wide variety of network technologies and topologies to meet every need for secure communication over the Internet.

7. How does the BANDIT™ protect a site from hackers?
The BANDIT™ provides several security features that work together to protect customer networks and IT assets. IP-based, encrypted tunnels leave hackers little opportunity to break into the Intranet. Also, authentication, access control lists (ACLs), and IP address filtering ensure access from and to only authorized and trusted locations. In addition, dynamic network address translation (NAT) and DHCP not only provide a different kind of protection, but are also used in tandem to enhance the security of encrypted tunnels.

8. Does the BANDIT™ support authentication?
The BANDIT™ supports several authentication protocols such as PAP, CHAP, and HMAC MD-5 /HMAC SHA-1. In addition, the BANDIT™ supports both IKE and ISAKMP key exchange protocols that are based on RSA certificates (public keys).

9. How does the BANDIT™ support legacy protocols?
A wide range of legacy data protocols perfected in Encore Networks' earlier line of Frame Relay Access Devices (FRADs) is the basis of the BANDIT™ product. Terminals and hosts using Airline Link Control (ALC); asynchronous and synchronous polled protocols such as IBM's SDLC and bisync; and X.25 packet switching can communicate over the Internet through the same encrypted tunnels used by IP or over Frame Relay networks.

10. How does dial backup work?
The BANDIT™ contains an integral V.90 modem that can dial out or accept calls on a standard voice-grade phone line. Typically, the BANDIT™ recognizes the loss of the DSL service, cable modem, or other primary line, and calls a Remote Access Server (RAS) in much the same way a PC calls into an Internet Service Provider (ISP). In fact, the call may be placed to an ISP, or to a RAS owned by the user's organization. The routing function in the BANDIT™ identifies the new path, DHCP obtains an IP address for the duration of the backup connection, and traffic resumes automatically within a short period of time. If the RAS supports compression, the internal modem negotiates to turn it on for the session, potentially doubling the throughput of a connection.

11. How do I configure and manage a BANDIT™ router?
The BANDIT™ includes a comprehensive set of network management capabilities, diagnostics features, and plug-and-play configuration functions that simplify deployment and keep overall operating expenses low.

The intuitive menu-driven craft interface makes configuration a snap and reduces the need for training. The operator picks the next step with one key stroke. Only those few parameters that are unique to each device, such as its name, require typing. There are no commands to learn. The same interface is accessible from a terminal on the dedicated serial port, via Telnet, or through the integral modem port.

Three levels of passwords restrict a user to read-only privileges or limited control, or allow full control, regardless of the access method. Full SNMP support eases integration with existing Office System Solution (OSS) systems. Also, guaranteed delivery of critical SNMP trap messages ensures that important event reports are preserved during network outages.

Remote diagnostics include traffic monitoring on any port, extensive statistics, data-scope analysis of protocols, and test configurations, such as loop-backs. All management functions are controllable from the NOC.

12. Are there limitations on topologies or configurations of the network?
None. In fact, the BANDIT's architecture is fully symmetrical. That is, any port may be configured for any purpose. For example, the serial port can emulate a terminal controller with a polled async protocol, or it can operate at 2 Mbps on an IP/PPP link to the Internet. It is possible to configure the modem port as the primary network link. This flexibility allows a user with a BANDIT™ in a regional office to set up encrypted tunnels to dozens of smaller office branches, mobile workers, or home offices. Users at the remote sites can communicate not only with the regional office, but also with any other location that has an encrypted tunnel established. The BANDIT™ switches or routes traffic amongst the tunnels it terminates.

13. What are the BANDIT's different configuration options?
The BANDIT™ comes standard with two Ethernet LAN ports, and a V.90 modem port for dial backup. Two optional serial ports, available separately, provide support for legacy data support, as well as T1 and fractional T1 termination via built-in CSU capability.

14. What is the BANDIT's list price?
The BANDIT's pricing depends on the configuration and on the customer's application. Please contact your Encore Networks sales representative for more information.

15. How do I order a BANDIT?
To discuss BANDIT™ pricing options and details about placing an order, call Encore Networks at 703- 318-7750, or send an email to sales@encorenetworks.com

 
 
   Encore Networks, Inc.   © 2015