Full Text

Nortel Networks' Contivity VPN switch has undergone a number of changes since we last reviewed it in 1998 (see www.nwc.com/ 922/922sp2.html). Its new iteration, the 4600, enhances the old administrative interface, keeping the end-user experience simple and straightforward. But the Contivity 4600 provides better performance and fault-tolerance than that of previous models, and it is able to support more remote users and more VPN sessions.

I tested the Contivity 4600 and Contivity software version 4.0 (beta) in our Syracuse University RealWorld Labs(R) and came away impressed with both.

The Contivity lines run on Intel hardware and VxWorks real-time operating systems and have suffered performance issues largely due to PCI bus limitations.

The 4600 sports dual 800MHz processors; I GB of memory; dual PCI buses; autosensing, hot-swappable power supplies; and a cryptographic accelerator. It also supports a wide array of interfaces: 10/100 Ethernet, T1 and T3, HSSI (High-Speed Serial Interface), V.21 and V.35. And the 4600 is certified as FIPS (Federal Information Processing Standard) 140-1 Level 2 (a cryptographic module certificate published by the National Institute of Standards and Technology [NIST]) as long as the optional kit is purchased and installed and the cryptographic accelerator is not installed.

HIGH AVAILABILITY KEEPS YOU CONNECTED

High availability and failover are key requirements for any mission-critical component. Contivity software version 4.0 comes through, offering failover and high availability for both LAN-to-LAN and remote-user VPN connections. High-availability configurations are stateless, which means the VPN connections have to reconnect to a secondary Contivity when a device fails. The secondary Contivity can already be in operation with its own VPNs. The secondary Contivity will aggregate its own VPN with the VPNs that failed over.

Client failover is global to any Contivity switch. All remote clients receive the same failover configurations when...