Proxy Server

In an enterprise that uses the Internet, a proxy server is a server that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control, and caching service. A proxy server is associated with or part of a gateway server that separates the enterprise network from the outside network and a firewall server that protects the enterprise network from outside intrusion.




A proxy server receives a request for an Internet service (such as a Web page request) from a user. If it passes filtering requirements, the proxy server, assuming it is also a cache server , looks in its local cache of previously downloaded Web pages. If it finds the page, it returns it to the user without needing to forward the request to the Internet. If the page is not in the cache, the proxy server, acting as a client on behalf of the user, uses one of its own IP addresses to request the page from the server out on the Internet. When the page is returned, the proxy server relates it to the original request and forwards it on to the user.


To the user, the proxy server is invisible; all Internet requests and returned responses appear to be directly with the addressed Internet server. (The proxy is not quite invisible; its IP address has to be specified as a configuration option to the browser or other protocol program.

An advantage of a proxy server is that its cache can serve all users. If one or more Internet sites are frequently requested, these are likely to be in the proxy's cache, which will improve user response time. In fact, there are special servers called cache servers. A proxy can also do logging.


The functions of proxy, firewall, and caching can be in separate server programs or combined in a single package. Different server programs can be in different computers. For example, a proxy server may in the same machine with a firewall server or it may be on a separate server and forward requests through the firewall.

 A proxy server has many potential purposes, including:

* To keep machines behind it anonymous (mainly for security).[1]
* To speed up access to resources (using caching). Web proxies are commonly used to cache web pages from a web server.[2]
* To apply access policy to network services or content, e.g. to block undesired sites.
* To log / audit usage, i.e. to provide company employee Internet usage reporting.
* To bypass security/ parental controls.
* To scan transmitted content for malware before delivery.
* To scan outbound content, e.g., for data leak protection.
* To circumvent regional restrictions.

A proxy server that passes requests and replies unmodified is usually called a gateway or sometimes tunneling proxy.

A proxy server can be placed in the user's local computer or at various points between the user and the destination servers on the Internet.

A reverse proxy is (usually) an Internet-facing proxy used as a front-end to control and protect access to a server on a private network, commonly also performing tasks such as load-balancing, authentication, decryption or caching.

Caching proxy server - accelerates service requests by retrieving content saved from a previous request made by the same client or even other clients. Caching proxies keep local copies of frequently requested resources, allowing large organizations to significantly reduce their upstream bandwidth usage and cost, while significantly increasing performance. Most ISPs and large businesses have a caching proxy. These machines are built to deliver superb file system performance (often with RAID and journaling) and also contain hot-rodded versions of TCP. Caching proxies were the first kind of proxy server.
Another important use of the proxy server is to reduce the hardware cost. An organization may have many systems on the same network or under control of a single server, prohibiting the possibility of an individual connection to the Internet for each system. In such a case, the individual systems can be connected to one proxy server, and the proxy server connected to the main server.

Web proxy

A proxy that focuses on World Wide Web traffic is called a "web proxy". The most common use of a web proxy is to serve as a web cache. Most proxy programs provide a means to deny access to URLs specified in a blacklist, thus providing content filtering. This is often used in a corporate, educational or library environment, and anywhere else where content filtering is desired. Some web proxies reformat web pages for a specific purpose or audience, such as for cell phones and PDAs.
.
Content-filtering web proxy

A content-filtering web proxy server provides administrative control over the content that may be relayed through the proxy. It is commonly used in both commercial and non-commercial organizations (especially schools) to ensure that Internet usage conforms to acceptable use policy. A content filtering proxy will often support user authentication, to control web access. It also usually produces logs, either to give detailed information about the URLs accessed by specific users, or to monitor bandwidth usage statistics. It may also communicate to daemon-based and/or ICAP-based antivirus software to provide security against virus and other malware by scanning incoming content in real time before it enters the network.

Anonymizing proxy server

An anonymous proxy server (sometimes called a web proxy) generally attempts to anonymize web surfing. There are different varieties of anonymizers. One of the more common variations is the open proxy. Because they are typically difficult to track, open proxies are especially useful to those seeking online anonymity, from political dissidents to computer criminals
Access control: Some proxy servers implement a logon requirement. In large organizations, authorized users must log on to gain access to the web. The organization can thereby track usage to individuals.

Hostile proxy

Proxies can also be installed in order to eavesdrop upon the dataflow between client machines and the web. All accessed pages, as well as all forms submitted, can be captured and analyzed by the proxy operator. For this reason, passwords to online services (such as webmail and banking) should always be exchanged over a cryptographically secured connection, such as SSL.

Intercepting proxy server

An intercepting proxy combines a proxy server with a gateway or router (commonly with NAT capabilities). Connections made by client browsers through the gateway are diverted to the proxy without client-side configuration (or often knowledge). Connections may also be diverted from a SOCKS server or other circuit-level proxies.

Intercepting proxies are also commonly referred to as "transparent" proxies, or "forced" proxies, presumably because the existence of the proxy is transparent to the user, or the user is forced to use the proxy regardless of local settings.

Purpose

Intercepting proxies are commonly used in businesses to prevent avoidance of acceptable use policy, and to ease administrative burden, since no client browser configuration is required. This second reason however is mitigated by features such as Active Directory group policy, or DHCP and automatic proxy detection.

Intercepting proxies are also commonly used by ISPs in some countries to save upstream bandwidth and improve customer response times by caching. This is more common in countries where bandwidth is more limited (e.g. island nations) or must be paid for.

Transparent and non-transparent proxy server

The term "transparent proxy" is most often used incorrectly to mean "intercepting proxy" (because the client does not need to configure a proxy and cannot directly detect that its requests are being proxied). Transparent proxies can be implemented using Cisco's WCCP (Web Cache Control Protocol). This proprietary protocol resides on the router and is configured from the cache, allowing the cache to determine what ports and traffic is sent to it via transparent redirection from the router. This redirection can occur in one of two ways: GRE Tunneling (OSI Layer 3) or MAC rewrites (OSI Layer 2).
Forced proxy The term "forced proxy" is ambiguous. It means both "intercepting proxy" (because it filters all traffic on the only available gateway to the Internet) and its exact opposite, "non-intercepting proxy" (because the user is forced to configure a proxy in order to access the Internet).Forced proxy operation is sometimes necessary due to issues with the interception of TCP connections and HTTP. For instance, interception of HTTP requests can affect the usability of a proxy cache, and can greatly affect certain authentication mechanisms. This is primarily because the client thinks it is talking to a server, and so request headers required by a proxy are unable to be distinguished from headers that may be required by an upstream server (esp authorization headers). Also the HTTP specification prohibits caching of responses where the request contained an authorization header.

Suffix proxy

A suffix proxy server allows a user to access web content by appending the name of the proxy server to the URL of the requested content (e.g. "en.wikipedia.org.6a.nl").
Open proxy server
Because proxies might be used to abuse, system administrators have developed a number of ways to refuse service to open proxies. Many IRC networks automatically test client systems for known types of open proxy. Likewise, an email server may be configured to automatically test e-mail senders for open proxies.

Reverse proxy server

A reverse proxy is a proxy server that is installed in the neighborhood of one or more web servers. All traffic coming from the Internet and with a destination of one of the web servers goes through the proxy server. There are several reasons for installing reverse proxy servers:

* Encryption / SSL acceleration: when secure web sites are created, the SSL encryption is often not done by the web server itself, but by a reverse proxy that is equipped with SSL acceleration hardware. See Secure Sockets Layer. Furthermore, a host can provide a single "SSL proxy" to provide SSL encryption for an arbitrary number of hosts; removing the need for a separate SSL Server Certificate for each host, with the downside that all hosts behind the SSL proxy have to share a common DNS name or IP address for SSL connections.
* Load balancing: the reverse proxy can distribute the load to several web servers, each web server serving its own application area. In such a case, the reverse proxy may need to rewrite the URLs in each web page (translation from externally known URLs to the internal locations).
* Serve/cache static content: A reverse proxy can offload the web servers by caching static content like pictures and other static graphical content.
* Compression: the proxy server can optimize and compress the content to speed up the load time.
* Spoon feeding: reduces resource usage caused by slow clients on the web servers by caching the content the web server sent and slowly "spoon feeding" it to the client. This especially benefits dynamically generated pages.
* Security: the proxy server is an additional layer of defense and can protect against some OS and WebServer specific attacks. However, it does not provide any protection to attacks against the web application or service itself, which is generally considered the larger threat.
* Extranet Publishing: a reverse proxy server facing the Internet can be used to communicate to a firewalled server internal to an organization, providing extranet access to some functions while keeping the servers behind the firewalls. If used in this way, security measures should be considered to protect the rest of your infrastructure in case this server is compromised, as its web application is exposed to attack from the Internet.

Tunneling proxy server

A tunneling proxy server is a method of defeating blocking policies implemented using proxy servers. Most tunneling proxy servers are also proxy servers, of varying degrees of sophistication, which effectively implement "bypass policies".A tunneling proxy server is a web-based page that takes a site that is blocked and "tunnels" it, allowing the user to view blocked pages. A famous example is elgooG, which allowed users in China to use Google after it had been blocked there. elgooG differs from most tunneling proxy servers in that it circumvents only one block.

Content filter

Many work places, schools, and colleges restrict the web sites and online services that are made available in their buildings. This is done either with a specialized proxy, called a content filter (both commercial and free products are available), or by using a cache-extension protocol such as ICAP, that allows plug-in extensions to an open caching architecture.
equests made to the open internet must first pass through an outbound proxy filter. The web-filtering company provides a database of URL patterns (regular expressions) with associated content attributes.

Asynchronous And Synchronous Transfer Mode(ATM)

Asynchronous Transfer Mode (ATM) is an International Telecommunication Union-Telecommunications Standards Section (ITU-T) standard for cell relay wherein information for multiple service types, such as voice, video, or data, is conveyed in small, fixed-size cells. ATM networks are connection-oriented. This chapter provides summaries of ATM protocols, services, and operation. Figure 27-1 illustrates a private ATM network and a public ATM network carrying voice, video, and data traffic. 


 A Private ATM Network and a Public ATM Network Both Can Carry Voice, Video, and Data Traffic

Standards

ATM is based on the efforts of the ITU-T Broadband Integrated Services Digital Network (B-ISDN) standard. It was originally conceived as a high-speed transfer technology for voice, video, and data over public networks. The ATM Forum extended the ITU-T's vision of ATM for use over public and private networks. The ATM Forum has released work on the following specifications:

•User-to-Network Interface (UNI) 2.0

•UNI 3.0

•UNI 3.1

•UNI 4.0

•Public-Network Node Interface (P-NNI)

•LAN Emulation (LANE)

•Multiprotocol over ATM

ATM Devices and the Network Environment

ATM is a cell-switching and multiplexing technology that combines the benefits of circuit switching (guaranteed capacity and constant transmission delay) with those of packet switching (flexibility and efficiency for intermittent traffic). It provides scalable bandwidth from a few megabits per second (Mbps) to many gigabits per second (Gbps). Because of its asynchronous nature, ATM is more efficient than synchronous technologies, such as time-division multiplexing (TDM).

With TDM, each user is assigned to a time slot, and no other station can send in that time slot. If a station has much data to send, it can send only when its time slot comes up, even if all other time slots are empty. However, if a station has nothing to transmit when its time slot comes up, the time slot is sent empty and is wasted. Because ATM is asynchronous, time slots are available on demand with information identifying the source of the transmission contained in the header of each ATM cell.

ATM Cell Basic Format

ATM transfers information in fixed-size units called cells. Each cell consists of 53 octets, or bytes. The first 5 bytes contain cell-header information, and the remaining 48 contain the payload (user information). Small, fixed-length cells are well suited to transferring voice and video traffic because such traffic is intolerant of delays that result from having to wait for a large data packet to download, among other things. Figure 27-2 illustrates the basic format of an ATM cell. 


Synchronous Transfer Mode

Synchronous Transfer Mode/Transport Module

The STM-1 (Synchronous Transport Module level-1) is the SDH ITU-T fiber optic network transmission standard. It has a bit rate of 155.52 Mbit/s. The other levels are STM-4, STM-16 and STM-64. Beyond this we have wavelength-division multiplexing (WDM) commonly used in submarine cabling.The STM-1 frame is the basic transmission format for SDH. A STM-1 signal has a byte-oriented structure with 9 rows and 270 columns of bytes with a total of 2430 bytes (9 rows * 270 columns = 2430 bytes). Each byte corresponds to a 64kbit/s channel.

Jude 1:3   

context

Condemnation of the False Teachers

Jude 1:3  "Dear friends, although I have been eager to write to you ¹  about our common salvation, I now feel compelled ²  instead to write to encourage ³  you to contend earnestly ⁴  for the faith ⁵  that was once for all ⁶  entrusted to the saints. ^{7 "}

 

comment:

 Although I don't understand the depths of this verse,but Saint Jude emphasizes that we must have great faith to God, Saint Jude encourages us to be faithful with all our hearts, faith that is doubtlessly for God.

 

Who is GOD?

Who is God? He's been described as everything from an impersonal life-force to a benevolent, personal, almighty Creator. He has been called by many names, including: "Zeus," "Jupiter," "Brahma," "Allah," "Ra," "Odin," "Ashur," "Izanagi," "Viracocha," "Ahura Mazda," and "the Great Spirit" to name just a few. He's seen by some as "Mother Nature" and by others as "Father God." But who is He really? Who does He claim to be?
Who Is God - Father God or Mother Nature?
Who is God? What has He revealed about Himself? To begin with, whenever He refers to Himself in parental terms, He always addresses Himself as "Father," never "Mother." He calls Himself "a Father to Israel,"¹ and in one instance, when His "children" were particularly disrespectful to Him, He said to them, "A son honors his father, and a servant his master. If then I am the Father, where is My honor? And if I am a Master, where is My reverence?" ²

His prophets acknowledged Him as Father by saying, "You are our Father, we are the clay, and You our potter; And all of us are the work of Your hand,"³ and "do we not all have one Father? Has not one God created us?"⁴ Never once does God refer to Himself as "Mother" and never once is He called such by the prophets to whom He spoke. Calling God "Mother Nature" is comparable to calling your earthly father "Mom."
Who Is God - What Does God Care About?
Who is God in terms of moral attributes? What does God have to say about Himself in this regard? He says that He delights in justice and righteousness: "…Let not the wise man boast of his wisdom or the strong man boast of his strength or the rich man boast of his riches, but let him who boasts boast about this: that he understands and knows me, that I am the LORD, who exercises kindness, justice and righteousness on earth, for in these I delight."⁵ "For I, the LORD, love justice; I hate robbery and iniquity…"⁶

Justice and equity are very important to God. But so are grace and mercy. And so, while God will hold everyone accountable, each for their own lives, He extends His grace to the repentant sinner. He promises that, "'If the wicked man turns from all his sins which he has committed and observes all My statutes and practices justice and righteousness, he shall surely live; he shall not die. All his transgressions which he has committed will not be remembered against him; because of his righteousness which he has practiced, he will live. Do I have any pleasure in the death of the wicked,' declares the Lord GOD, 'rather than that he should turn from his ways and live?…I have no pleasure in the death of anyone who dies,' declares the Lord GOD. 'Therefore, repent and live.'"⁷

By "death" God is not referring to the physical death which we might have in mind. Rather, God is referring to something which will happen in eternity, after our physical deaths. The Scriptures refer to this event as the "second death."⁸ The first death separates us from our bodies and takes us from this world. The second death is different. It also entails a separation, but it's the separation of one group of people from another: the righteous and the forgiven on one hand and the wicked and the unrepentant on the other. The two groups will be judged separately.

The one group will be rewarded according to the good that they've done. Their evil deeds will be overlooked, forgiven by God. The other group will be judged according to the evil that they have done, and their good deeds will not keep them from their punishment. God says, "When a righteous man turns away from his righteousness, commits iniquity and dies because of it, for his iniquity which he has committed he will die." But "when a wicked man turns away from his wickedness which he has committed and practices justice and righteousness, he will save his life. Because he considered and turned away from all his transgressions which he had committed, he shall surely live; he shall not die. …Therefore, repent and live."⁹ In this way, God will see that justice ultimately prevails, but that mercy is given to the humble and the repentant.

God has made a provision for those who want to repent, a provision to atone for the sins of those who want to be made right with Him. He sent a "Messiah," a Servant who willingly suffered and died a vicarious death in order to pay for the sins of those who would repent and trust in Him. The Scriptures say, "Who has believed our message and to whom has the arm of the LORD been revealed?…Surely He took up our infirmities and carried our sorrows…He was pierced for our transgressions, He was crushed for our iniquities; the punishment that brought us peace was upon Him, and by His wounds we are healed. We all, like sheep, have gone astray, each of us has turned to his own way; and the LORD has laid on Him the iniquity of us all.…it was the LORD's will to crush Him and cause Him to suffer, and though the LORD makes His life a guilt offering, He will see His offspring and prolong His days, and the will of the LORD will prosper in His hand. After the suffering of His soul, He will see the light of life and be satisfied; by his knowledge my righteous servant will justify many, and he will bear their iniquities.…he poured out his life unto death, and was numbered with the transgressors. For he bore the sin of many, and made intercession for the transgressors." ¹⁰

Juniper Routers

Juniper Networks enterprise routers add new levels of security,
uptime, performance, and operations flexibility to today’s
changing networks
Today’s business environment is becoming more dynamic and competitive
as information technology increases the pace of change and fundamentally
alters business models. IT departments are being asked to support a more
distributed enterprise, enable new business processes to improve employee
efficiency, comply with new government regulations, and lower infrastructure
costs. Networks and applications are also being consolidated by moving to
a converged Internet protocol (IP) infrastructure for both cost and operation
efficiency reasons. A good example of this is the migration of traditional voice
services to voice over IP, facilitating increased efficiencies through a common
infrastructure.



The Juniper Networks
next generation routing architecture provides the
solid, reliable, high performance foundation upon which today’s real-time,
critical networking applications can be delivered. Juniper Networks offers
a comprehensive enterprise routing portfolio consisting of the J-series
services routers and the M-series multiservice routers. The J-series routers
are typically deployed at remote offices or branch locations and include the
J2300 for smaller offices, the J4300 for medium sized branches, and the
J6300 for large branches or regional offices. The M-series enterprise routers,
including the M7i and M10i, are typically deployed in head office locations
where high performance packet processing is required such as Internet
access gateways, WAN aggregation devices, data center routers or backbone
routers. Both the J-series and M-series routers run the same proven JUNOS
modular operating system, designed to run multiple functions in parallel on
assigned processing resources and delivering high stability with the flexibility
to enable advanced, next-generation routing services.
Product highlights:
• Support for advanced services, such as MPLS, IP routing, QoS,
multicast, security services and accounting, to securely deliver and
manage mission critical data and applications
• Breadth of enterprise routing portfolio, interface options, and
performance levels to suit the diverse needs of today’s businesses
• High levels of security with a modular system architecture to defend
against infrastructure attacks by fully protecting the processing
resources and ensuring complete router control
• Modular software design to ensure that minor problems cannot
turn into full system crashes, maintaining uptime and continuity of
operations
• Predictable performance of mission critical applications and higher
QoS control to classify, prioritize and schedule traffic ensuring
resource availability
• One common JUNOS code base to streamline deployment, patches
and software upgrades with multiple tools for platform implementation
and management
Juniper Networks J2300
Juniper Networks J4300
Juniper Networks J6300
Juniper Networks M7i
Juniper Networks M10i
Juniper Networks modular architecture enables enterprises to meet the diverse
demands of next generation IP infrastructures
The performance and integrity of Juniper routers have been proven in the largest IP
networks in the world. As enterprise networks must increasingly meet many of the same
service levels as carrier infrastructures, Juniper Networks extends its capabilities to the
J- and M- series enterprise routing systems, with the performance, reliability and
flexibility required.
Juniper’s enterprise routing platforms are built on five key principles:
• Advanced Services: support for MPLS, IP routing, QoS, Multicast, Security Services
and Accounting
• Protected Processing Resources: always available resources to ensure router
stability and control
• Modular Software Architecture: clean separation of independent software
functions
• Next Generation CLI: advanced configuration and diagnostic tools
• One Code Base: common code base developed through a rigorous release process
These principles represent a set of fundamental changes in the design and development of
next generation routing platforms.
Advanced services
Juniper Networks J- and M-Series routers provide a secure and reliable foundation for
implementing IP and IP/MPLS features for the Enterprise, The modular router architecture
ensures high performance and reliability even after enabling of advanced services.
Security features such as IPSec VPN, Stateless and Stateful firewall with NAT, allow
businesses to securely connect multiple remote/branch offices to regional offices,
headquarters, and data centers with unmatched performance and reliability. The security
services are performed on dedicated resources for the higher end platforms resulting in
high performance rates.
The JUNOS operating system provides rich and granular traffic management for prioritizing
mission critical traffic such as voice. It is possible to configure multiple forwarding classes
for transmitting packets, define output queues, schedule the transmission service level
for each queue, and avoid congestion using a random early detection (RED) algorithm.
Juniper Networks routing platforms implement QoS in hardware rather than software.
This facilitates large and scalable implementations of QoS with no adverse impact on the
forwarding rate.
A wide array of Multicast protocols and features are supported on JUNOS router platforms.
These include IGMPv3 with Source Specific Multicast, Multicast Listener Discovery
(IPv6), PIM (DM, SM, SSM), DVMRP and MSDP. JUNOS adds reliability to a Multicast
implementation by using Pragmatic General Multicast (PGM). These features are ideal for
deployment of Video Conferencing, IPTV or Multicast based business applications.
JUNOS based routing platforms can collect various kinds of data about traffic passing
through the routing platform. Different profiles can be set up to collect data on traffic
passing through an interface, a firewall filter or to the Routing Engine. This allows for good
business reporting and billing end users of an enterprise network infrastructure.
The JUNOS platforms also allow businesses utilizing an IP network infrastructure to
migrate to a rich implementation of MPLS and deploying network based MPLS services
including RFC 2547 VPNs, Traffic Engineering, Fast Reroute and QoS. Full support for future
implementation of IPv6 is provided with JUNOS.
Protected Processing Resources
Juniper Networks routing platforms ensure resource availability through a system
architecture that cleanly separates the three independent components – the Routing
Engine, Forwarding Engine, and Services Engine. Each has its own protected processing
and memory resources so that processing conflicts are never an issue.
The robust protected resource architecture of
Juniper Networks routers allocates a unique
address space to each operating process.
Since each task has its own dedicated ASIC or
protected processing resources, Juniper routers
provide intelligence and performance at scale in
a way that no other legacy router can approach.
Modular Software Architecture
Complementing the protected processing
resources is the modular architecture of the
JUNOS operating system. The JUNOS operating
system is a completely modular software
platform enabling a functional division of labor
for seamless development and operation of many advanced features and capabilities. By
partitioning the software system, tasks are broken into manageable subsets that interact
infrequently. Loading of one does not affect the other, eliminating a common failure mode
of legacy routers.
Next generation CLI
JUNOS extends its modern design beyond system architecture with advanced
administrative features. The intelligent, hierarchical organization of the JUNOS CLI is well
suited to operations tasks, with a number of innovative features built-in to ease overall
network deployment, configuration and restoration.
One code base
Juniper Networks follows a rigorous, well-defined development release process with
a single code base across its routing platforms. Under strict development standards,
features are added, supported, tested and reliably carried forward, with major releases
four times a year and minor updates available monthly, quickly introducing new capabilities
required by customers. As a modular software platform, many developers can create new
features for JUNOS simultaneously without impacting each others’ work.
Connecting and securing remote offices
Juniper J-Series Routers offer a variety of platforms with flexible interfaces that deliver
secure reliable network connectivity to remote, branch, and regional offices. The JSeries
runs modular JUNOS software which offers many advanced services (MPLS,
IP routing, QoS, multicast, firewall, and VPN), delivering high levels of security, uptime
and performance at reduced operations costs. These platforms provide enterprises,
government and healthcare organizations, and research/education groups a forward-looking
platform on which to build converged IP and IP/MPLS infrastructures to support a diverse
set of networked applications.
2300
• Up to 2xT1/E1 performance
• T1, E1, Serial, or G.SHDSL WAN Interfaces
• Two fixed FE LAN ports, and optional integrated ISDN BRI backup
Forwarding
Engine
Routing
Engine
Services
Engine
Receives packets, performs
routing lookups and sends
packets to the output
interfaces
Manages all routing and
control functions of the
system including creation
and update of routing table
Provides advanced packet processing services
such as NAT, encryption and stateful firewall filters
Modular system
architecture of Juniper
Networks routers
4300
• Up to 8xT1/E1 performance
• T1, E1, FE, Serial, ADSL/2/2+, or G.SHDSL WAN Interfaces
• 2 fixed FE LAN ports, and 6 interface module slots
6300
• Up to DS3 performance
• T1, E1, E3, DS3, FE, Serial, ADSL/2/2+, or G.SHDSL WAN Interfaces
• 2 fixed FE LAN ports, and 6 interface module slots
• Redundant power supplies
Connecting and securing the central office, data center and enterprise backbone
The M7i and M10i platforms are ideal enterprise routing solutions for head offices,
campuses and corporate backbones needing reliable, secure and high performance IP
WAN connectivity, Internet access and services. The hardware based architecture and the
JUNOS operating system ensure rich packet processing with uncompromising forwarding
performance to support latency sensitive applications such as voice, video, and mission
critical applications. The M7i and M10i routers are the choice for consolidating multiple
services onto a single IP/MPLS network and delivering performance, reliability, and security
to the enterprise environment. The modular architecture enables high performance and
carrier class stability even when services are turned on these platforms.
M7i
• Up to 1Gigabit Ethernet /OC-12 WAN Performance
• 4 PIC Slots and built in 2xFE or GigE uplinks
• Forwarding Engine Board with built in Services Module
M10i
• Complete redundancy with dual routing engines, dual FEBs and dual power supplies
Redundancy provided with GRES (Graceful Routing Engine Switchover)
• Up to OC-48/STM-16 WAN Performance
• 8 PIC Slots for a variety of LAN, WAN and Services PICs
Large Branch Office
Regional HQ
Remote Office
Partner Site
Corporate HQ
Global Data Center
J2300
J4300
J6300
J6300
M7i
M10i
The benefits of deploying Juniper Networks enterprise routers
Modern IP applications require a smart network that can meet the diverse set of
requirements enterprises need without compromise. Deploying Juniper Networks routers
adds new levels of security, uptime, performance and operations flexibility with many
systems and tools to assist network administrators.
Juniper Advantages Key Differentiators
Strong Security
• Modular system architecture defends against attacks by protecting
processing resources
• Access to the router is always available – even while under attack
• Additional integrated security services include Network Address
Translation (NAT), Access Control Lists (ACLs), stateful inspection
firewall, and IPSec Encryption
High Uptime
• Network outages minimized by separating software functions into
modular components
• Minor problems cannot proliferate to full system crashes
• Next generation CLI designed to help prevent operational errors,
maintaining uptime
• Platforms available with redundant WAN interfaces
Predictable
Performance
• Comprehensive, real-time granular control over network traffic,
especially important during periods of high congestion
• QoS mechanisms to classify, prioritize and schedule traffic to deliver
predictable performance
• Consistent WAN throughput rates when advanced services are
enabled
Operations Flexibility
• One software code base across all routing platforms eases
operations with straightforward software updates and upgrades
• Fast certification of releases and full interoperability between
products
• Features for small and regional remote offices help lower the
operations costs for installing, managing, monitoring and maintaining
equipment
Centralized
Management
• Juniper Networks JUNOScope provides automated control of a
large number of enterprise routers, eliminating the need to manage
individual routers
• Multiple functions such as configuration management, inventory
management and system administration
• Reduce time and costs by leveraging an automated and integrated
set of management applications
Breadth of Portfolio
• Spectrum of products to connect various enterprise locations, including,
remote, branch, and regional offices, as well as central offices,
data centers and enterprise backbones
• WAN performance from broadband to OC-192/STM- 64, 10GE
• Wide variety of WAN interface options including T1, E1, E3, DS3, FE,
Serial, ISDN BRI, ADSL/2/2+, G.SHDSL, SONET/SDH, Channelized
IQ, and ATM2 IQ
Service and support when and where it’s needed
Juniper Networks Professional Services consultants and the experts of
authorized Juniper Networks partners are recognized throughout the industry as
knowledgeable networking specialists. They are uniquely qualified to assist in
planning and implementing a secure and reliable network.
The Customer Support Center provides responsive assistance and software
upgrades, security updates, and online knowledge tools to ensure maximum
reliability of Juniper Networks products. Professional instructors of Juniper
Networks Educational Services help customers keep pace with rapidly evolving
technologies by sharing the company’s expertise on operating stable, secure
networks.
Juniper Networks: The alternate route to secure and assured networks
As enterprises strive to meet their diverse set of business and operations needs,
Juniper Networks enterprise routers evolve to meet the new level of requirements.
Juniper Networks routers are proven in the world’s largest IP networks, including
the top 25 service provider networks in the world. Juniper’s enterprise routers
combine reliability with flexibility to enable advanced routing, QoS, filtering,
security and administrative policies, and usage and performance monitoring.
Juniper Networks enterprise routing platforms provide the best foundation to build
today’s secure and assured networks.

Canopy Antenna

Typical Canopy setup consists of a cluster of up to 6 co-located standard access point

Access Point

Access Point can refer to:*Access Point , a location on Anvers Island, Antarctica*Wireless access point, a wireless networking device...
s, each with a 60 degree horizontal beamwidth

Beamwidth

In telecommunication, the term beamwidth has the following meanings:1. In the radio regime, of an antenna pattern, the angle between the half-power points of the main lobe, when referenced to the peak effective radiated power of the main lobe....
antenna, to achieve 360 degree coverage. Also included would be one or more backhauls or otherwise out-of-band links (to carry data to/from other network ocations) and a Cluster Management Module (CMM) to provide power and synchronization to each Canopy AP or Backhaul Module(BM).

Customers of the system receive service through subscriber modules (SMs) aimed towards the AP. The SMs should be mounted on the tall point of a building to get a reliable connection else Fresnel zone

Fresnel zone

File:FresnelSVG.svgIn optics and radio telecommunication, a Fresnel zone, named for physicist Augustin-Jean Fresnel, is one of a number of concentric ellipsoids of revolution which define volumes in the radiation pattern of a circular aperture ....
obstruction will weaken the signal. Under ideal operating conditions connections at distances up to 3.5 miles can be achieved using equipment with integrated antennas

Antenna (radio)

An 'antenna' is a transducer designed to transmitter or receive Electromagnetic radiations. In other words, antennas convert electromagnetic waves into electrical currents and vice versa....
. Network operators can opt to install reflector dishes or Stinger antennas, or to use Canopy models that accept external antennas at one or both ends of the link to increase coverage distance.

Most Canopy equipment receives its power using Power over Ethernet

Power over Ethernet

Power over Ethernet or PoE technology describes a system to transfer electrical power, along with data, to remote devices over standard twisted-pair cable in an Ethernet network....
, however, none of its standards comply with IEEE 802.3af.

In general, the 900 MHz version is more effective for use in outlying areas because of its ability to penetrate through trees. However, it requires careful installation due to the easy propagation of interference on that band.

Comparison between Switch and Router

Switch in electronics, is an electrical component that can break an electrical circuit, interrupting the current or diverting it from one conductor to another. The most familiar form of switch is a manually operated electromechanical device with one or more sets of electrical contacts. Each set of contacts can be in one of two states: either 'closed' meaning the contacts are touching and electricity can flow between them, or 'open', meaning the contacts are separated and nonconducting.

WHILE.......

Router is an electronic device used to connect two or more computers or other electronic devices to each other, and usually to the Internet, by wire or radio signals. This allows several computers to communicate with each other and to the Internet at the same time. If wires are used, each computer is connected by its own wire to the router. Modern wired-only routers designed for the home or small business typically have one "input" port (to the Internet) and four "output" ports, one or more of which can be connected to other computers.

And...

Wireless router is a device that performs the functions of a router but also includes the functions of a wireless access point. It is commonly used to allow access to the Internet or a computer network without the need for a cabled connection. It can function in a wired LAN (local area network), a wireless only LAN, or a mixed wired/wireless network. Most current wireless routers have the following characteristics:

• LAN ports, which function in the same manner as the ports of a network switch
• A WAN port, to connect to a wider area network. The routing functions are filtered using this port. If it is not used, many functions of the router will be bypassed.
• Wireless antennae. These allow connections from other wireless devices (NICs (network interface cards), wireless repeaters, wireless access points, and wireless bridges, for example).