Neptune

For Critical Infrastructures

Risk-Free Digital Evolution

Critical Infrastructures (CI) are under increasing pressure to improve their services, reduce carbon emission, and
increase safety. To achieve this, vast amounts of smart IoT devices are being introduced to achieve better control of
network resources. High-resolution video from CCTV cameras is used to increase security, improve safety, and provide
better customer services. All the data from these devices must be analyzed in real-time and this requires a modernized,
secure IP communication network. The Neptune product family, powered by Ribbon’s unique Elastic MPLS technology
and supported by its Muse™ software gives critical infrastructures a risk-free, future-proof transition path to this new
digitized network. At the same time, it provides optimized support for legacy, mission-critical applications like SCADA,
teleprotection, and emergency communications.

Risk-Free Transition Secure Packet High Availability Multiservice

for tailored network for mission-critical by advanced network for seamless
evolution services architecture evolution to IP

Drivers Of Modernization

Aging Networks Regulation

• End-of-life SDH/TDM/ATM vs network • Compliance to standards
expansion, population growth, and • Carbon emission reduction
new services • Improved service availability and
• High maintenance costs customer satisfaction
• Need for convergence

Internet of Things
• Always-connected sensors Security and Safety
• SCADA • Control automation
• Automation and control • Safety recommendation
• Smart devices • Video surveillance
• Cyber and physical security

Application Note
Neptune For Critical Infrastructures

Cost-Effective and Risk-Free Transition to Packet

The Neptune product family provides cost-effectiveness to a packet-based network. This comprehensive portfolio
ensures the right-sized platform that is always available, with unique, in-service, pay-as-you grow capabilities, allowing
easy capacity and technology expansion, as follows:

• Capacity is added when

MuseTM
needed with in-service
expansion units and
in- service upgradeable
packet fabrics (e.g. 10G
to 60G, 100G to NPT-1010D NPT-1022 NPT-1050 NPT-1250 NPT-1300 NPT-1800

200/320G, 1T to 2T).
TP/
TP
IP
• Technology is introduced
when required with NPT-1010 NPT-1020/21 NPT-1200

unique in-service
TP TP
expansion units to
scale connectivity and
Capacity 5 Gbps Up to 60 Gbps Up to 300 Gbps Up to 560 Gbps Up to 1.6 Tbps Up to 2 Tbps
elasticity (Ethernet,
Optical, PCM, CES); and Height 1U 1U 1U 2U 3U 8U
with integrated WDM,
OTN, and bidirectional Access Metro Aggregation Metro Core
SFPs to simplify optical
connectivity.
100GE Coherent

Holistic Security Suite

Critical infrastructures are a prime target for cyber-attacks. Data security is a particularly complex matter. It must protect
both Information Technologies (IT) and Operational Technologies (OT) and be able to identify tangible threats from the
multitude of reported events.
All Device Types, Muse SHIELD TM

Neptune provides an NFVi balde to host the Muse Anytime, Anywhere

L1-L3 Encryption
Cyber Security SHIELD. This provides physical layer
NextGen Firewall
security with encryption, firewalls, and intrusion
IDS/IPS
detection. It provides the capabilities to identify
and deal with potential attacks in several ways: SCADA Anomaly
Detection
Events
• Prevents attacks where they occur with Basic Internet
Logs
distributed attack mitigation. NetFlows
Policy Protection
DPI
• Guards the integrity of the SCADA and OT
network. The system maintains a complete
OT network map and monitors all transactions
for abnormal behavior continuously, providing
early warnings of any tampering.
• Identifies real threats with advanced
Distributed Attack
correlation and analysis for a clear view of Mitigation
tangible threats and ranks them by severity.

2 Application Note
Neptune For Critical Infrastructures

Multiservice Platform
Neptune uses Elastic MPLS to provide a complete multiservice platform for critical infrastructures, with OT and IT
services supported over the most appropriate transport technology. Mission-critical OT , like SCADA, requires the
static, deterministic behavior that TDM and MPLS-TP provide. On the other hand, IP/MPLS and segment routing provide
optimized support for IT services like voice, video, and non-mission-critical networking. Both IT and OT traffic can be
supported on the same platform or on different platforms. Configuring and maintaining the SLAs and QoS on a service-
by-service basis supports this without compromising security. Neptune can be integrated seamlessly into an optical
transport layer, providing cost-efficient transport of the high-capacity data generated by video and other IT applications.

Networking
Packet (IP/MPLS)
Networking FE, 1GE, 10GE
Control
Packet (MPLS-TP) Control V.35, X21,RS-232, RS-449, V.24, V.11, V.36
Security Neptune Teleprotection IEEE-C37.94
TDM
Voice E1/T1, FXO/FXS, 2/4 E&M, Omni
Voice
Optical Transport Video Ethernet with PoE+
Apollo
Video & OTN

As networks evolve to packet, the deterministic, bidirectional traffic paths used by MPLS-TP ensure that robust timing is
maintained. For critical infrastructures wishing to use their unique geographical footprint to generate extra revenues as
a Utelco, the multiservice capabilities of Neptune provide the managed L2 and L3 VPNs required for business services,
residential services, mobile backhaul, and future IoT applications. Muse LightSOFT provides network management for all
Ribbon Packet and Optical products. It provides
Master Clock Slave Clock
right-first-time network provisioning, rapid fault
Ribbon
isolation, and automation of routine tasks for Ribbon

easier and smooth day-to-day operation. Muse Ribbon

Protection SCADA Voice

software applications take this a step further, Ribbon
Ribbon
providing advanced operation software to Ribbon
Ribbon

analyze network data, ensuring the network is Ribbon Ribbon

operating at maximum availability, utilization, Video

Surveillance Microwave Networking

and efficiency. Ribbon

Cost-Effective and Risk-Free Transition to Packet

Critical infrastructures require communication networks that provide ‘five-9s availability’ or better. Neptune achieves this with:

• Fully-redundant hardened design of the Network Elements: With 1+1 and 1:1 protection of key units and extended
temperature range for use in energy applications (-25°C to +70°C)

• Fast protection against single and multiple network failures: MPLS-TP supports sub-50ms protection switching for
single failures. Used in conjunction with pseudowire redundancy, protection is provided for multiple failures

• Remote disaster recovery: Allows network and management restoration from geographically dispersed sites in the
event of a catastrophic failure

• Network data collection and analysis: LightINSIGHT™ provides advanced network data analysis to help identify
trends over time.

3 Application Note
Neptune For Critical Infrastructures

Technical Specifications
Risk-Free Transition
• Legacy Interface support: SNMPv2/v3, CLI
Risk-Free • Transport technologies: Elastic MPLS supports IP/MPLS. MPLS-TP and segment routing
Scalable • Traditional management systems: Muse Software Suite, MUSE LightSOFT, LightINSIGHT, Muse Cyber Security Suite, EMS-NPT, LCT
• Future proof: Muse Software Suite, OpenFlow, NETCONF/YANG, PCEP, BCP-LS (Fut)
Transistion
In-Service Scalability
• Elastic Modularity: Expansion unit provides 3 slots for in-service capacity and technology expansion
• Switching fabric expansion: Adding extra switch cards increases the switch matrix capacity

Tailored, Holistic Security with the MUSE Cyber Security Suite

Secure • OT security: Integrated SCADA protection, secured connectivity, and secured services
Packet • IT Security: L2 and L3 VPNs: for secure business services with guaranteed SLAs and QoS, L1 to L3 encryption with L1 optical
intrusion detection from LightPULSE™

Elastic MPLS (Packet)

• Services: MEF CE2.0 (E-Line, E-LAN, E-Tree, E-Access), Ethernet, L2/L3 VPNs, MPLS-TP, IP/MPLS, Segment Routing
• Service Interfaces: FE, 1GE, 10GE, 100GE

TDM
• Services: CES (SAToP, CESoP and CEP)
• Service interfaces: n x 64Kbps (FXO, FXS, 2/4W E&M, V24, V35, V36, V11, RS422, RS449, C37.94, OMNI, G.703 64K), E1/T1, E3/
DS3, STM-1/OC-3, STM-4/OC-12, STM-16/64

OTN
Multiservice • Capacity: 3 x 40G
• Services: Ethernet, Storage, Video, SDH/ SONET
• Service interfaces: 10GE, FC-1/2/4/8/10, SDI, HD-SDI, DVB-ASI, STM-16/64, OC-12/48
• Transport interfaces: OTU-1, OTU-2, OTU-2e

WDM
• CWDM, DWDM, Muxponder, Amplifiers
Flexibility
• Topologies: Mesh, multi-ring, ring, star, linear
• Protocol conversion: IP/MPLS and MPLS-TP stitching, pseudo-wire headend termination

Protection and Restoration

Hardware redundancy for common units, I/O Hardware protection (IOP), G.8032 Ethernet Ring Protection (ERP), MPLS-TP FRR,
Dual FRR, 1:1 Linear protection, PW Redundancy, Virtual Router Redundancy Protocol (VRRP), MS-PW, IEEE 802.3ad Ethernet Link
Aggregation (LAG), Multi-chassis LAG Transport interfaces: OTU-1, OTU-2, OUT-2e

Timing and Synchronization

SyncE, 1588v2, External timing 1PPS and TOD, Internal Stratum 3 clock (holdover state), Primary and secondary sources
High (supports SSM bits), ACR, DCR, loop timing on SAToP, BITs (2MHz/2Mbit)

Availability Operations, Administration, and Maintenance (OAM)

Ethernet OAM (IEEE 802.1ag and ITU-T Y.1731 PM), IP/MPLS OAM (LSP Ping, LSP Trace-route), MPLS-TP OAM (CC/AIS/RDI/LB/LT/DM),
Bidirectional Forwarding Detection (BFD), RFC 2544 generator, Y.1564

Traffic Management and Security

Traffic Management: Traffic Classification (based on Port, VLAN, Port+VLAN, IEEE 802.1p, IPv4/IPv6 TOS and DSCP),
Network-wide Call Admission Control (CAC), 8 Classes of Service (CoS)
• Security: Access Control List (ACL), Radius, IEEE802.1x, SSH, SSA, Encrypted OSPF (HMAC-SHA256)

Specifications subject to change without notice

About Ribbon
Ribbon Communications (Nasdaq: RBBN) delivers communications software, IP and optical networking solutions to
service providers, enterprises and critical infrastructure sectors globally. We engage deeply with our customers, helping
them modernize their networks for improved competitive positioning and business outcomes in today’s smart, always-on
and data-hungry world. Our innovative, end-to-end solutions portfolio delivers unparalleled scale, performance, and agility,
including core to edge software-centric solutions, cloud-native offers, leading-edge security and analytics tools, along with
IP and optical networking solutions for 5G. We maintain a keen focus on our commitments to Environmental, Social and
Governance (ESG) matters, offering an annual Sustainability Report to our stakeholders. To learn more about Ribbon visit
rbbn.com.
Contact Us Contact us to learn more about Ribbon solutions.

Copyright ©️ 2023, Ribbon Communications Operating Company, Inc. (“Ribbon”). All Rights Reserved. v0523

4 Application Note