MD5 authentication for increased security and graceful restart for faster failure recovery
Border Gateway Protocol 4 (BGP-4)
delivers an implementation of the Exterior Gateway Protocol (EGP) utilizing path vectors; uses TCP for enhanced
reliability for the route discovery process; reduces bandwidth consumption by advertising only incremental updates;
supports extensive policies for increased flexibility; scales to very large networks
Intermediate system to intermediate system (IS-IS)
uses a path vector Interior Gateway Protocol (IGP), which is defined by the ISO organization for IS-IS routing and extended
by IETF RFC 1195 to operate in both TCP/IP and the OSI reference model (Integrated IS-IS)
Static IPv6 routing
provides simple manually configured IPv6 routing
Dual IP stack
maintains separate stacks for IPv4 and IPv6 to ease the transition from an IPv4-only network to an IPv6-only network
design
Routing Information Protocol next generation (RIPng)
extends RIPv2 to support IPv6 addressing
OSPFv3
provides OSPF support for IPv6
BGP+
extends BGP-4 to support Multiprotocol BGP (MBGP), including support for IPv6 addressing
IS-IS for IPv6
extends IS-IS to support IPv6 addressing
IPv6 tunneling
allows IPv6 packets to traverse IPv4-only networks by encapsulating the IPv6 packet into a standard IPv4 packet;
supports manually configured, 6to4, and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunnels; is an
important element for the transition from IPv4 to IPv6
Policy routing
allows custom filters for increased performance and security; supports ACLs, IP prefix, AS paths, community lists, and
aggregate policies
BGP4+ support
utilizes the BGP-4 (RFC 4271) exterior routing protocol for routing integrity and reliability between different autonomous
systems
Security
Access control list (ACL)
supports powerful ACLs for both IPv4 and IPv6; ACLs are used for filtering traffic to prevent unauthorized users from
accessing the network, or for controlling network traffic to save resources; rules can either deny or permit traffic to be
forwarded; rules can be based on a Layer 2 header or a Layer 3 protocol header; rules can be set to operate on specific
dates or times
Terminal Access Controller Access-Control System (TACACS+)
delivers an authentication tool using TCP with encryption of the full authentication request, providing additional security
Network login
allows authentication of multiple users per port using the IEEE 802.1X standard
Remote Authentication Dial-in user Service (RADIUS) login
eases security access administration by using a password authentication server
NAT enablement:
facilitates one-to-one NAT, many-to-many NAT, and NAT control—enabling NAT-PT to support multiple connections;
supports blacklisting in the NAT/NAT-PT; and enables a limit on the number of connections, session logs, and multiple
instances
SSHv2:
uses external servers to securely log in to a remote device or MSRs from a remote location; protects against IP spoofing
and plain-text password interception, with authentication and encryption; and increases the security of SFTP transfers
Unicast Reverse Path Forwarding (URPF):
allows normal packets to be forwarded correctly, but discards the attaching packets due to lack of a reverse path route or
