Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 SIGMA SBR Carrier 7.0.

Slides:



Advertisements
Similar presentations
Inter WISP WLAN roaming
Advertisements

Mobile IP. 2 N+I_2k © 2000, Peter Tomsu 02_mobile_ip Evolution of Data Services Mobile IP GSM GPRS CDMA Other Cellular Circuit Switched Data Today Packet.
Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.
BAI613 Module 2 - Voice over IP Technology. Module Objectives 1. Describe the benefits of IP Telephony/Packet Telephony/VoIP over traditional telephone.
URP Usage Scenarios for NAS Yoshihiro Ohba August 2001 Toshiba America Research, Inc.
SIP & SS7 (SIP-02) Monday - 09/10/07, 10:00-10:45am.
UMA (Unlicensed Mobile Access) El Ayoubi Ahmed Hjiaj Karim.
1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
IMS Workshop- Summary James Rafferty August
DSL Access Architectures and Protocols. xDSL Architecture.
6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Planning Network Access.
© 2010 Level 3 Communications, LLC. All Rights Reserved. Level 3 Communications, Level 3, the red 3D brackets and the Level 3 Communications logo are registered.
All IP Network Architecture 2001 년 12 월 5 일 통신공학연구실 석사 4 차 유성균
Rev BMarch 2004 The ABC Service as a Research Infrastructure Rajesh Mishra Per Johansson Cahit Akin Salih Ergut.
Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.
Ubiquitous Access Control Workshop 1 7/17/06 Access Control and Authentication for Converged Networks Z. Judy Fu John Strassner Motorola Labs {judy.fu,
Security and Policy Enforcement Mark Gibson Dave Northey
General Packet Radio System (GPRS) Overview. Introduction General Packet Radio Service (GRPS) today “Packet overlay” network on top of the existing GSM.
GSM Security Overview (Part 1)
1 © 2001, Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Cisco Easy VPN Solutions Applications and Implementation with Cisco IOS.
Copyright Microsoft Corp Ramnish Singh IT Advisor Microsoft Corporation Secure Remote Access Challenges, Choices, Best Practices.
Colombo, Sri Lanka, 7-10 April 2009 Multimedia Service Delivery on Next Generation Networks Pradeep De Almeida, Group Chief Technology Officer Dialog Telekom.
Omniran OmniRAN Wi-Fi Hotspot Roaming Use Case Date: Authors: NameAffiliationPhone Max RiegelNSN
Windows 2003 and 802.1x Secure Wireless Deployments.
Virtual Private Networks (Tunnels). When Are VPN Tunnels Used? VPN with PPTP tunnel Used if: All routers support VPN tunnels You are using MS-CHAP or.
Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.
May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.
Juniper Carrier AAA roadmap May 2008
1Presentation_ID © 2000, Cisco Systems, Inc. IPv6 in Mobile Wireless Networking Dana Blair
Module 12: Designing an AD LDS Implementation. AD LDS Usage AD LDS is most commonly used as a solution to the following requirements: Providing an LDAP-based.
Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.
RIPE64 Enum Working Group DE-CIX NGN Services.
1. WiMAX_NWG_Stage2 & Stage3. WiMAX Forum The WiMAX Forum is a nonprofit organization formed in 2001 to enhance the compatibility and interoperability.
70-411: Administering Windows Server 2012
Implementing Network Access Protection
Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.
20411B 8: Installing, Configuring, and Troubleshooting the Network Policy Server Role Presentation: 60 minutes Lab: 60 minutes After completing this module,
Module 9: Configuring IPsec. Module Overview Overview of IPsec Configuring Connection Security Rules Configuring IPsec NAP Enforcement.
Network: Location Management Y. Richard Yang 3/21/2011.
CELLULAR DATA NETWORKS Mr. Husnain Sherazi Lecture 5.
© Copyright 2007 Arbinet-thexchange, Inc. All Rights Reserved. VoIP Peering Pilot Using the Internet2 Backbone.
Module 11: Remote Access Fundamentals
VIRTUAL PRIVATE NETWORK By: Tammy Be Khoa Kieu Stephen Tran Michael Tse.
Module 8: Configuring Network Access Protection
Module 9: Designing Network Access Protection. Scenarios for Implementing NAP Verifying the health of: Roaming laptops Desktop computers Visiting laptops.
Copyright © 2007 Juniper Networks, Inc. 1 Presented to Cosmoline April 10, 2008 Juniper Solutions for WiMAX.
1 Motorola PMIPv4 Call Flows: Bearer Setup with Dual Anchoring Parviz YeganiVojislav VuceticAlmon Tang (408) (732) (847)
1 Presentation_ID © 1999, Cisco Systems, Inc. Cisco All-IP Mobile Wireless Network Reference Model Presentation_ID.
Configuring Network Access Protection
Doc.: IEEE /209r0 Submission 1 March GPP SA2Slide 1 3GPP System – WLAN Interworking Principles and Status From 3GPP SA2 Presented.
1 Week #5 Routing and NAT Network Overview Configuring Routing Configuring Network Address Translation Troubleshooting Routing and Remote Access.
Doc.: IEEE /345r0 Submission May 2002 Albert Young, Ralink TechnologySlide 1 Enabling Seamless Hand-Off Across Wireless Networks Albert Young.
DSLF Subscriber Auth Requirements and IETF PANA Protocol PANA WG Chairs IETF 70 Dec 7, 2007 – Vancouver, Canada.
Secure Access Link (SAL): Supporting Cost Savings and Improving Secure Access.
KAPLAN SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY IT375 Window Enterprise Administration Course Name – IT Introduction to Network Security Instructor.
1 Wireless Networks Lecture 17 GPRS: General Packet Radio Service (Part I) Dr. Ghalib A. Shah.
Module 9: Configuring Network Access
Module Overview Installing and Configuring a Network Policy Server
Implementing Network Access Protection
Securing the Network Perimeter with ISA 2004
Configuring and Troubleshooting Routing and Remote Access
2018 Real Cisco Dumps IT-Dumps
GPRS GPRS stands for General Packet Radio System. GPRS provides packet radio access for mobile Global System for Mobile Communications (GSM) and time-division.
Server-to-Client Remote Access and DirectAccess
IMS & Wireline to Wireless Convergence
Master in progettista di servizi radiomobili Web Based Overview
GPRS Architecture Ayan Ganguly Bishakha Roy Akash Dutta.
Presentation transcript:

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 SIGMA SBR Carrier 7.0

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 2 Agenda  The product: SBR Carrier 7.0 Converged Carrier grade AAA New WiMAX module  New Pricing model  Use cases (for wireline & wireless) Use case Pricing Migrating from legacy SBR products  Literature

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 3 The product: SBR Carrier 7.0 Converged Carrier grade AAA

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 4 AAA Evolution to FMC and WiMAX Wireline WiFi/UMA CDMA GSM/UMTS SBR/SPESBR/SIMSBR/MIM WiMAX SBR/SPESBR/HA SBR/Carrier

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 5 One AAA to Manage All Access  A centralized AAA Architecture that supports all access technologies and user credentials is an important element of the NGN network  A benefit of centralizing AAA is that it allows for the centralization of subscriber session information on the networks  Enhancement to service delivery and new services can be delivered by leveraging this active subscriber database. LDAP PKI Sessions Applications/ Services DSL GPRS/UMTS UMA Femtocell WiMAX

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 6 Authentication modules GUI LDAP SNMP SQL LDAP HLR Gateways Proxy RADIUS RADIUS SMS Auth * SMS Auth * SIM auth SIM auth CDMA Mobility * SBR Carrier Core Step 1: SBR Carrier v 7.0 (Now!!) Modular AAA for Wireless and Wireline carriers Standalone AAA server combining all previously existing Juniper AAA carrier functionality into 1 modular product Adding a mobile WiMAX module OSS Interfaces Front-Ends Back-Ends Mobility modules CLI W i MAX Mobility W i MAX Mobility Optional modules Scripting *CDMA mobility and SMS auth EFT only in v7.0

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 7 SBR Carrier Core Built on Industry-proven SBR SPE technology! Open and flexible AAA functionality regardless of end user access technology (through RADIUS, EAP, Http-digest), integrated into 1 platform Supports SQL or LDAP based user repository, regardless of DB schema Advanced service delivery features Carrier grade proxy engine and filtering features Virtualization support Network integration features All 3GPP support built into SBR Carrier Core Comes with all EAP methods enabled out of the box (except SIM/AKA): MD5, LEAP, GTC, POTP, PEAP, TLS,TTLS Supports unlimited virtualization (directed realms) Multiple additional optional features available +

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 8 Flexible sub-TLV support Support for sub-TLV’s in the core AAA engine allow any sub-TLV requirement to be configured in the AAA core Location based profiles Enables policy granularity on location basis Access technology based policy Available in 2 flavors: Location based profiles for users Location based profiles for groups SBR Carrier 7.0 core new features Improved Management Web delivered Administration UI Downloadable to any station No permanent UI install A browser is sufficient UI managed EAP configuration UI based filter management Administration audit logs ensuring administration accountability Enhanced scripting features Enabling precise implementation of custom service and business logic Providing unparalleled flexibility in implementing and growing service and business logic JavaScript realm selection and JavaScript filter selection can: Query and modify any AVP Query LDAP or SQL databases SBR Carrier 7.0

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 9 SBR Carrier: Authentication Modules, Mobility Modules and Optional Modules SIM authentication methods for PWLAN and UMA  SIM authentication and authorization (against HLR over SS7 or SIGTRAN)  Kineto INC S1 interface (UMA & Femtocell) SMS OTP provisioning and authentication methods CDMA Mobility module  CDMA mobility, resource assignment and prepaid features  CDMA RevA QoS support SMS Auth * SMS Auth * SIM auth SIM auth CDMA Mobility * JavaScripting module  LDAP JavaScripting  JavaScripted Filters  Core routing JavaScripting Scrip ting Scrip ting *CDMA mobility and SMS auth EFT only in v7.0

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 10 WiMAX in SBR Carrier 7.0  Modular approach, SBR Carrier Core + WiMAX Module for wireline integration (EAP-TLS, EAP-TTLS) WiMAX module + SIM authentication module for GSM/UMTS integration (EAP-AKA) WiMAX Module + CDMA mobility module for CDMA integration  WiMAX mobility management: Mobile IP v4 support ASN and CSN authentication authorization ASN and CSN key management  WiMAX resource management Home Agent Management Home Address (IP-address) Management  WiMAX QoS support  Charging  Roaming: H-AAA and V-AAA  Standards: WiMAX Forum NWG Stage 3 rev. 1.0, 1.1 and 1.2 compliant W i MAX

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 11 Optional modules * Only in combination with Session control module Step 2: SBR Carrier v 7.2 (March 2009) Modular Carrier Grade AAA Available standalone or with HA cluster combining all previously existing carrier functionality into 1 product Adding central address allocation, concurrency and Session Control modules DB HA Cluster Session DB Authentication modules GUI LDAP SNMP SQL LDAP HLR Gateways Proxy RADIUS RADIUS SMS auth SMS auth SIM auth SIM auth CDMA Mobility SBR Carrier Core Front-Ends Back-Ends Mobility modules CLI W i MAX Mobility W i MAX Mobility Scripting SQL* Xml/ https** Xml/ https** Session Control Session Control Concur rency Concur rency Address Allocation Address Allocation OSS Interfaces

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 12 Network Policy & Control Service IPTV Home VoIP Internet Video Telephony Mobile VoIP Video Roaming FMC Push to Talk FR VPN ATM VPN PSTN Provider Unique Services CPE Wireless Access Wireless Access Data Center CoreEdge SQL/LDAP/CLI/HttpsRADIUS/RADIUS CoA Applications SBR Session DB cluster SBR Carrier Non-Stop AAA and Service Delivery

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 13 SBR Carrier 7.2: New Optional Modules In-session service changes  RADIUS CoA based  XMLoverHttps and CLI (scripting) based interfaces  Applications: In session Hotlining, Legal Intercept, Disconnect, Prepaid, Tiered Services User/ Group based concurrency  Requires HA Cluster session DB for enforcement across the network  Concurrency limitations on a per-user basis  Concurrency limitations on a configurable attribute Centralized IP-address allocation  Requires HA Cluster session DB for central ip-address pool management  All SBR Carrier Frontend AAA nodes use the same address pools  Splitting of address pools per AAA no longer required Session Control Session Control Concur rency Concur rency Address Allocation Address Allocation

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 14 The product: SBR Carrier 7.0 new WiMAX module

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 15 Juniper SBR/AAA functions in WiMAX network  Network Attachment: Securely attach a user/device (or both to the network), and manage its session keys throughout the session lifetime  Mobility Management: Manage a user’s mobility throughout the session lifetime.  Resource Management: Assign and manage a user’s network resources User IP-Addresses Home Agent assignment  Quality of Service: Manage and assign a user’s WiMAX QoS flows and authorize their activation  Billing: Provide user/session and QoS flow (service session) based accounting to billing and reconciliation systems  Roaming: Act as a Visited or Home AAA in roaming scenario’s. Ensure proper authentication and billing

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 16 SBR Carrier in WiMAX Mobile Core Network Access Provider MS Internet Steel-Belted Radius Connectivity Service Provider Application Service Provider Steel-Belted Radius NAP Network Access Provider NSP Network Service Provider ASN GW CSN-GW EAP/ PKMv2 EAP/RADIUS RADIUS Mobile IP Tunnel RADIUS V-AAA H-AAA  The ASN-GW is relay agent between MS and AAA  If the authentication is successful the AAA server responds to the ASN-GW with an accept message that provides all the information necessary for the ASN-GW to initiate a Mobile IP tunnel for the subscriber to the CSN  Once the ASN-GW receives the access accept message from the AAA server it will use the information in the request to initiate a Mobile IP tunnel to the CSN  Upon tunnel initiation the CSN will generate a RADIUS request to the AAA server to request the mobility keys for the subscriber  The RADIUS server will respond with the access-accept that will include the mobility keys allowing the CSN to grant the subscriber an IP session on the network  After MS connects to the radio network, it will be challenged by the ASN-GW to authenticate The Extensible Authentication Protocol (EAP) is the protocol used for credential exchange in WiMAX  The MS can respond to the identity request with either Device Credentials A certificate is used for device authentication User Credentials A USIM or a username/password can be used for user authentication Both device and User Credentials A device certificate and username/password are used

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 17 Standard Attachment methods supported with WiMAX mobility key generation SBR/Carrier EAP methods support WiMAX mobility key generation EAP-TTLS implementation from the pioneer of the protocol (Funk) EAP-SIM/AKA implementation proven in countless PWLAN/UMA solutions Support for other EAP protocols: MD5, LEAP, GTC, POTP, PEAP EAP/TTLS EAP/TLS EAP/SIM-AKASS7 SIGTRAN PKI HLR SQL LDAP

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 18 Authentication Types and Dependencies EAP-TypeCredential formAuthentication Database EAP-TLSDevice certificatePKI infrastructure EAP-TTLSUsername & Password - Or - Username & Password + Device certificate Could be an LDAP Directory, SQL database, internal AAA database. + PKI infrastructure (if user+device) EAP-AKASmart card (USIM)HLR Access to the HLR is available via SS7 or Sigtran

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 19 WiMAX Mobility Management  Mobile IP key derivation: Derive mobile keys and store them for re-authentication or handover When Implementing SBR Carrier in clustered configuration, these keys are available to ALL of the SBR Carrier frontend servers in subsequent transactions  Mobile IP key distribution: Distribute Mobile IP keys to Foreign Agent (ASN-GW) Distribute Mobile IP keys to Home Agent  Mobile IP resource assignment: Manage Home Agent resources HoA (Home Address) Assignment [ Aggregation ] ASN-GW Access RADIUS EAP ASN CSN HA EAP RADIUS

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 20 Home Agent Management and Assignment  Simple Home Agent Assignment: Fixed HA is assigned to the ASN on authentication  Dynamic Home Agent Assignment: Primary-backup HA assignment Home Agent Load Balancing Round Robin HA assignment Weighted Round Robin HA assignment HA Assignment Access Accept HA 70% load 30% load Dynamic HA Assigment

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 21 SBR Carrier roaming features  Act as Home AAA Network attachment, mobility management, resource management, billing, QoS, Service delivery, …  Act as a Visited AAA Mobility management, resource management, billing, QoS, … Advanced proxy features: –Support for multiple proxy realms –Proxy load balancing –Proxy fast fail groups –Advanced filtering and scripting: »Inbound and Outbound »Remove, add and change attributes »Scripting allows custom attribute manipulation and DB access FA SBR as V-AAA SBR as H-AAA Visited Network Home Network Home Network 1 V-AAA Realm1 Home Network 2 Realm2 AAA server in Fastfail Outbound filter Inbound filter

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 22 WiMAX access network QoS  Access network QoS profile transmitted to ASN-GW: Access network QoS Subscriber and Service QoS Uplink/downlink rate limiting  QoS AAA modes: HAAA: subscriber based QoS VAAA: roaming peer based: Enforce visited network QoS over home network provided QoS  Types of QoS profiles: HAAA: Subscriber/group based Home network QoS Roaming QoS VAAA: Ability to rewrite QoS profile attributed by HAAA ASN-GW Access QoS Profile ASN CSN HA LDAP SQL

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 23 New Pricing Model

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 24 SBR Carrier Pricing 4 different types of SKU’s:  SBR Carrier core base server  Additional concurrent session licenses  Additional optional modules  HLR gateways licenses

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 25 SBR Carrier Core SBR Carrier Core server: SBR-CAR-AAA  The base server license, representing the SBR Carrier Core functionality.  Licensed on a per server basis: Customer needs to purchase 1 license per instance he has running in his network, regardless of the fact those instances are running on separate hardware or within virtual domains on the same hardware. ModelDescriptionPrice SBR-CAR-AAA SBR Carrier Core AAA server license, includes 50,000 concurrent sessions (license key only) $34,900

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 26 SBR Carrier Concurrent User Licenses Additional concurrent user licenses  Concurrent sessions for the whole customer site  Licensed on a site basis: ordered on top the SBR Carrier Core base model to expand on the number of concurrent sessions licensed in the product (concurrently attached to the network) This is a cumulative license: For example if the customer purchases another 50,000 sessions, the customer is licensed for 100,000 sessions total. The number of sessions are measured as concurrent sessions in the AAA session database. The customer has the right to apply additional concurrent session licenses to all SBR Carrier servers on his site. ModelDescriptionPrice SBR-CAR-ADD-50K SBR Carrier - Add 50,000 concurrent sessions (license key only)$16,000 SBR-CAR-ADD-100K SBR Carrier - Add 100,000 concurrent sessions (license key only)$30,000 SBR-CAR-ADD-250K SBR Carrier - Add 250,000 concurrent sessions (license key only)$70,000 SBR-CAR-ADD-500K SBR Carrier - Add 500,000 concurrent sessions (license key only)$130,000 SBR-CAR-ADD-1M SBR Carrier - Add 1,000,000 concurrent sessions (license key only)$240,000 SBR-CAR-ADD-2M SBR Carrier - Add 2,000,000 concurrent sessions (license key only)$440,000

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 27 Concurrent User Licenses Example A customer requires a basic redundant AAA server (2 licenses) and estimates that he requires a total of 250,000 concurrent users on his site. The customer will need to order:  2 X SBR-CAR-AAA, which will give him the ability to install SBR Carrier on 2 servers, with 100,000 concurrent users (the base license comes with 50,000 concurrent users, X2)  The customer still needs 150,000 concurrent users (for a total of 250,000 concurrent users) so will need to order SBR-CAR- ADD-50K and SBR-CAR-ADD-100K = 2 SBR Carrier AAA + 250,000 concurrent users

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 28 SBR Carrier Optional Modules Additional optional modules licenses:  Unlocks extra functionality on top of the SBR Carrier Core license  Licensed on a per server basis: optional modules can be unlocked by an additional feature license key. SBR Carrier core license needs to be present to unlock functionality Customer needs to purchase 1 license per instance of SBR Carrier he wants the functionality unlocked on. Model Description Price SBR-CAR-SIM SBR Carrier AAA optional SIM Authentication Module (license key only) $29,500 SBR-CAR-WMM SBR Carrier AAA optional WiMAX Mobility Module (license key only) $34,600 SBR-CAR-JSC SBR Carrier AAA optional JavaScripting Module (license key only) $9,800

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 29 SBR Carrier HLR Gateways HLR Gateways for Authentication & Authorization on backend HLR  Required to use HLR as backend database for SIM based authentication, in combination with SIM authentication module (SBR-CAR-SIM)  Licensed on a per server basis: ordered on top the SBR Carrier Core base model and SIM authentication module to allow authentication on a backend HLR SQL and LDAP backends are part of the SBR Carrier Core license, the HLR backend is not Customer needs to purchase 1 license per instance of SBR Carrier he wants the functionality unlocked on. The customer can choose either SIGTRAN or SS7 based HLR gateways. Model Description Price SBR-HLR-SS7 SBR Carrier HLR Gateway - SS7 stack (includes 2 SS7 links)$16,500 SBR-HLR-SS7BOARD SBR Carrier HLR Gateway - SS7 stack (includes 2 SS7 links) + PH0301 PCI SS7 board (2 E/T1 interfaces) $27,500 SBR-HLR-SS7BOARD2 SBR Carrier HLR Gateway - SS7 stack (includes 2 SS7 links) + XH0303 PCI-E low profile SS7 board (2 E/T1 interfaces) $27,500 SBR-HLR-BOARD SBR Carrier HLR Gateway - PH0301 PCI SS7 board (2 E1 interfaces)$12,950 SBR-HLR-BOARD2 SBR Carrier HLR Gateway - XH0303 PCI-E low profile SS7 board (2 E1 interfaces) $12,950 SBR-HLR-SS7-UP6 SBR Carrier HLR Gateway - Upgrade SS7 stack from 2 to 8 SS7 links$16,900 SBR-HLR-SS7-UP8 SBR Carrier HLR Gateway - Upgrade SS7 stack with an additional 8 SS7 links$17,700 SBR-HLR-SIG SBR Carrier HLR Gateway - SIGTRAN stack (includes 2 SIGTRAN associations)$27,900 SBR-HLR-SIGADD SBR Carrier HLR Gateway - Add SIGTRAN stack to existing SS7 install (includes 2 SIGTRAN associations) $18,800 SBR-HLR-SIG-ADDASC SBR Carrier HLR Gateway - Upgrade SIGTRAN stack with 2 additional SIGTRAN associations $17,750

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 30 Service pricing  Service pricing now fully in line with Juniper corporate model.  All service is minimal 24/7 (Core support)  Limited support (Formerly Funk) 8/5 is not offered on the SBR Carrier product line and will be discontinued on all SBR Service Provider products  Direct Core support is approx 20% of product price (formerly 25%)  Partner Core support is approx 15% of product price

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 31 Use Cases Wireline PPP & DHCP

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 32 SBR Carrier in PPP and DHCP scenario’s Premium Content Transit Point/ Internet Core RADIUS PPP DHCP ERX & MX local DHCP server authenticates subscriber on SBR AAA and SBR returns local DHCP pool name authenticates subscriber on SBR AAA and SBR returns ip address from a pool SBR manages RADIUS

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 33 Migrating customers from Legacy SBR products  Legacy products: SBR/SPE Optionally JavaScripting module  Migration package for each SBR/SPE server under valid maintenance contract: SBR Carrier Core (SBR-CAR-AAA) Additional 50K concurrent user license (SBR-CAR-ADD-50K) Additional 100K concurrent user license (SBR-CAR-ADD-100K) Optionally JavaScripting Module (SBR-CAR-JSC)  Cost: minimal, TBD  Why migrate: SBR Carrier is a true converged AAA that will allow the Carrier to extract additional value from its subscriber base SBR Carrier has a future Better performance/scalability: SBR Carrier is tested and dimensioned for newer HW with better performance/scalability More value in the base package More options to expand and provide higher value per subscriber Free 150K concurrent user license for every migrated SPE license

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 34 Use Cases 3GPP GPRS/UMTS/HSxPA

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 35 SBR Carrier in 3GPP networks Intranets/ Internet Base Switching Station (GSM): TDMA Data technologies (2.5G): GPRS (60-80kbps) EDGE ( kbps) Packet Backbone Network RNC Node-B BTS BSC 2G- SGSN GGSN 3G-SGSN Service and policy Subsriber Databases Billing platforms Service Gateways Service platforms Identity and Policy repositories SBR Carrier GGSN HLR UTRAN (UMTS): WCDMA Data technologies (3G): UMTS (384kbps) HSDPA (1Mbps-3.6Mbps) SS7 signaling Network

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 36 Migrating customers from Legacy SBR products  Legacy products: SBR/SPE Optionally JavaScripting module  Migration package for each SBR/SPE server under valid maintenance contract: SBR Carrier Core (SBR-CAR-AAA) Additional 50K concurrent user license (SBR-CAR-ADD-50K) Additional 100K concurrent user license (SBR-CAR-ADD-100K) Optionally JavaScripting Module (SBR-CAR-JSC)  Cost: minimal, TBD  Why migrate: SBR Carrier is a true converged AAA that will allow the Carrier to extract additional value from its subscriber base SBR Carrier has a future Better performance/scalability: SBR Carrier is tested and dimensioned for newer HW with better performance/scalability More value in the base package More options to expand and provide higher value per subscriber Free 150K concurrent user license for every migrated SPE license

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 37 Use Cases SIM based authentication PWLAN/UMA/Femtocell

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 38 IPsec Tunnel SS7 / SIGTRAN RADIUS Odyssey Access Client 802.1x Wm Gb Gn Gi LDAP / SQL Broadband Services Router Backbone / Edge Router Up A GSM Broadband IP network UMA Subscriber Database HLR / AUC Security Gateway UMA Network Controller S1 A UMA Mobile Phone SBR Carrier in UMA / Femtocell Environments Mobile Services AAA server identifies / differentiates traffic and routes to appropriate back- end for authentication Policy & Control Transport Services & Applications

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 39 Migrating customers from Legacy SBR products  Legacy products: SBR SIM server  Migration package for each SBR/SPE server under valid maintenance contract: SBR Carrier Core (SBR-CAR-AAA) SIM authentication module (SBR-CAR-SIM) JavaScripting Module (SBR-CAR-JSC)  Cost: minimal, TBD  Why migrate: SBR Carrier is a true converged AAA that will allow the Carrier to extract additional value from its subscriber base SBR Carrier has a future Pricing for concurrent subs is lower than SIM server Better performance/scalability: SBR Carrier is tested and dimensioned for newer HW with better performance/scalability More value in the base package More options to expand and provide higher value per subscriber 50K concurrent subscribers in base package vs 1K in SIM server

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 40 Use Cases Wimax

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 41 SBR Carrier in WiMAX Mobile Core Network Access Provider MS Internet Steel-Belted Radius Connectivity Service Provider Application Service Provider Steel-Belted Radius NAP Network Access Provider NSP Network Service Provider ASN GW CSN-GW EAP/ PKMv2 EAP/RADIUS RADIUS Mobile IP Tunnel RADIUS V-AAA H-AAA

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 42 Migrating customers from Legacy SBR products  Legacy products: None!  SBR Carrier is the first product that support true Mobile WiMAX

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 43 Competitive

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 44 Cisco Access Registrar  Knockoffs: Not as feature rich as SBR Carrier Manageability not as good SBR Performance is better Requires programming in TCL or C for advanced features that are simply configurable in SBR No EAP-AKA support, EAP-SIM support requires ITP No IPv6 support No native Oracle support  Watch out for: RADIUS CoA support in base package Aggressive discounting in turnkey solutions  Pricing: CPU (Core) based Base Server (1 CPU/Core): $35,000 Additional $10,000 per CPU/Core SIM support more expensive and requires ITP product for HLR connectivity

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 45 Bridgewater AAA service controller  Knockoffs: Very basic base feature package, SBR Carrier Core comes with a lot more features packed in the base package Everything is an option (from EAP to accounting to assigning an ip-address) Base package with 10K subs already more expensive then SBR Carrier core with 50K subs List price overall 3 to 10 times as expensive as SBR Carrier, based on functionality Requires expensive pro-services for expansion or custom business logic Comes with integrated subscriber database, no support for existing subscriber databases. SBR can integrate with existing infrastructure No EAP-SIM and EAP-AKA HLR support  Watch out for: Good entry level price for 1K subs basic package, which allows customer penetration, anything beyond that is very expensive Aggressive marketing Company focus, this is their only product DCHP server support Integrated subscriber database can be an asset if that is a customer requirement  Pricing: subscriber based Fully subscriber based Everything is optional

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 46 Apertio (NSN) One-AAA  Knockoffs: Pretty basic feature package acquired from AAA vendor focusing on German market SBR Carrier is more mature and feature rich, has a large install base Most of NSN’s customers are running SBR Comes with integrated subscriber database, no support for existing subscriber databases. SBR can integrate with existing infrastructure No EAP-SIM and EAP-AKA HLR support No WiMAX support (NSN is selling SBR Carrier into WiMAX opportunities), but they are working on it  Watch out for: Pure subscriber based pricing allows good entry level price, but scales out higher then SBR Carrier Aggressive discounting in turnkey solution The centralized subscriber management Integrated HLR/HSS/AAA package Integrated subscriber database can be an asset if that is a customer requirement NSN approaching customers they have sold SBR to for a migration  Pricing: subscriber based Fully subscriber based, estimated between $ $1.20/sub

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 47 Literature

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 48