1 / 48

Allot Network Intelligence

Allot Network Intelligence. Tomás Gómez de Acuña tgomez@allot.com. Allot–At-A-Glance. Company Status. Public company traded on NASDAQ [ALLT]. Employees. 250. R&D and Operations. Israel, Hod Hasharon.

tacy
Download Presentation

Allot Network Intelligence

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Allot Network Intelligence Tomás Gómez de Acuña tgomez@allot.com

  2. Allot–At-A-Glance Company Status Public company traded on NASDAQ [ALLT] Employees 250 R&D and Operations Israel, Hod Hasharon Americas: MN, CA, NY, TX, AZ, BrazilEurope: France, UK, Germany, Italy, Spain, Scandinavia Asia/Pac.: Singapore, Japan, Australia WW Sales and Support Founded 1997 More than 9000 units sold in 118 countries More than 700 service providers More than 2060 enterprises and educational inst. Track Record

  3. VoIP London Office VoIP Paris Office VoIP Tokyo Office Allot Network Intelligence Solution Internet Access Internet Data Center Citrix Clients NetEnforcer WAN RED LAN / CORE Web, Email, Citrix Servers NetEnforcer NetEnforcer VPN/Leased Line/MPLS SAP/CitrixOracle Video Service Protector Service Protector VoIP GW PBX NetEnforcer NetXplorerServer GUI Client SMP Server

  4. Network Intelligence Solution – Main Features • Network visibility & Network Intelligence • Network troubleshooting • Layer 7 Firewall • Signature Base, DPI (Deep Packet Inspection) • Connection Control • Connection limitation per rule • Badwidth assignment per connection • Data center protection / DoS protection • DDoS and Malicious Traffic Control (Service Protector) • P2P Control • Application Control • QoS Bandwidth Management • Video Caching (MediaSwift) • Block of Illegal Webside URLs (Websafe) • Managed Services. Virtual Traffic Control • Subscriber Management. Traffic Control per Subscriber • Accounting and Billing

  5. Allot Product Family Service Protector NetEnforcer WebSafe NetXplorer & NetXplorerProvisioner Subscriber Management Platform (SMP)

  6. NetEnforcer Products NetXplorer SMP AC-400 AC-800 AC-1000 AC-10000 Service Gateway AC-2500 Ancho De Banda 2 a 100 Mb 45 a 310 Mb 155 Mb a 1 Gb 310 Mb a 2,5 Gb 5 Gb a 40Gb 4 Gb to 20 Gb Politicas 4.000 28.000 80.000 80.000 400.000 400.000 Internet Access,Local ISPs Pymes y SMB Tier 1, 2Carriers, ISPs Tier 1, 2Carriers, ISPs, EnterpriseUniversidades Tier 1, 2Carriers, ISPs, EnterpriseUniversidades Tier 2-3 Carriers,ISPs,EnterpriseUniversidades EnterpriseISPs Universidades Clientes

  7. NetEnforcer: Enterprise / Medium SP Platform

  8. NetEnforcer: SP & Carrier Platform

  9. AC10000

  10. Service Gateway

  11. Monitoring QoSControl Malicious traffic control URLFiltering Content Caching The Service Gateway Vision Network + Subscriber Management 3rd PartyServices FutureService ... DPI Engine Open platform enabling integrationof best-in-class services

  12. Service Gateway Redirecction Internet Access • Caching • URL Filtering • IDS • Firewall • Contect Inspection • Reponse Time System Third Party Product RED LAN / CORE Centralized DPI System • Reduce System Investment • Better Traffic Control • Really Intelligent (L7) Forward

  13. Internet Internet Router Router WAN LAN DMZ NetEnforcer NetEnforcer Firewall Firewall NetEnforcer LAN Switch DMZ LAN Switch DMZ 1 & 2 links Topologies Two Links. Different Networks One link Two Links. RedundantConfiguration • 10/100 Ethernet: NE 402/802 • 1 Giga: NE 802/1010 • 10 Giga: NE 10100 / SG • 10/100 Ethernet: NE 404/804 • 1 Giga: NE 804/1020/2520 • 10 Giga: NE 10200 / SG • 10/100 Ethernet: NE 404/804 • 1 Giga: NE 804/1020/2520 • 10 Giga: NE 10200 / SG

  14. NetEnforcer 4 links Topologies Four Links. RedundantConfiguration. Fully Meshed FourLinks. Different Networks. • 10/100 Ethernet: NE 808 • 1 Giga: NE 808/2540 • 10 Giga: SG 8 x 10G • 10/100 Ethernet: NE 808 • 1 Giga: NE 808/2540 • 10 Giga: SG 8 x 10G

  15. 8 links Topologies Eight Links. Different Networks • Service Gateway: 8 links of 1 giga

  16. ActiveRedundancyLink RedundancySupportLink Normal Scenario Primary Active Internet Primary BypassActive Mode Primary Secondary BypassBypass Mode Router Secondary High Availability

  17. SMP Arquitecture

  18. SMP Features Subscriber Monitoring Tiered Services Quota Management • Time Based • Volume Based Portal

  19. NetXplorer Provisioner Arquitecture ManagedServices: Virtual Traffic & Network Intelligence Authentication NetXplorer Server RADIUS Server Users Policy Modifications and Data Collection Back-end control Front-end Provisioning and Monitoring Internet Users NetEnforcer NetXplorer Provisioner Network Operator

  20. NetXplorer Provisioner (NPP)

  21. NetXplorer & SMP Arquitecture GUI Client GUI Client OSS RADIUS/DHCP Mediation / Billing NetXplorer Server Subscriber Management NetXplorer DataCollector NetXplorer DataCollector NetXplorer DataCollector

  22. Netxplorer Features MainFeatures • Network Visibility • Real Time Monitoring • Long TermMonitoring • Auto ApplicationDiscovery • CentralizedPolicy Management • QoSdefinition • L7 Firewalling • Port Redirection • DoS control • ReportsCreation • ReportsScheduling • Events & Alarms

  23. Netxplorer Drill Down Capability

  24. Rich Set of Graphs • Statistics • Utilization • Distribution Graphs • NetEnforcers • Lines / Pipes / VCs • Protocols • Hosts / Int / Ext / • Conversations • Subscribers • Average Protocol Popularity • Typical Time

  25. NetXplorer Most Active Graphs Available for: Netenforcer Lines, Pipes, Virtual Channels Protocolos Hosts Internal Host External Host Conversations Reports Top N Three Dimensional Graphs

  26. NetXplorer Data Selection Date & Time Range

  27. NetXplorer Report Creation MultipleFormat Output Reports

  28. NetXplorer Report Scheduling

  29. Events & Alarms

  30. QoS Optimization & Control Without Allot With Allot P2P Upload P2P Download Visible and Managed VoIP WebTV Video Conferencing Unmanaged Gaming email Allot NetEnforcer

  31. Actions Conditions Policy Name NetXplorer Policy Definition

  32. Superior DPI technology • New dedicated H/W offers scalability & upgradability • Based on Allot’s Next Generation DPI engine S/W with native APU (Allot Protocol Updates) support • Advanced Proactive Learning System for finer identification of sophisticated P2P Apps • Leader in real time and internet protocols

  33. Service Catalog

  34. Improvement of QoS features • 3-level policy control • LINE, PIPE & Virtual Channel • Expedited Forwarding for real time applications • Assured Forwarding for video streaming • Drop Precedence for effective BW management (short term peak traffic) • Tailored QoS behavior per Application • Per Flow Queuing mechanism

  35. QoS Catalog

  36. DoS & Connection Control DoS Control Connection Control

  37. ServiceProtector • Protects against DDoS attacks; network attacks; worms; subscriber zombies; spambots • Behavior-based ADS (Anomaly Detection System) • Facilitates surgical isolation at the network or subscriber level KEY BENEFITS • Reduce customer complaints • Reduce OPEX • Avoid email blacklisting • Enhance network mgmt • Improve network stability • Protect key customers • Protect revenue streams

  38. ServiceProtector’s Main Features Signature free DDoS, Spam and Zombie detection 0 day detection Fully based on traffic behavior <5% false positives, >95% rate true positives Fast attack identification. Normally less than 5 min from begin to mitigation “On-Fly” attack signature creation For Mitigating the attacks Easy and transparent installation Distributed system Multiples sensors with one management console Independent solution No help needed from routers Fully integrated with NetXplorer’s Network Intelligent System External server or a ATCA blade Up to 10Gbits real-time detection per sensor 38 24 August 2014

  39. Network Behavior Anomaly Detection (NBAD) • Network attacks disrupt network behavior and the normal relationship between network statistics • Uses TCP/IP statistics to build behavioral models • Identifies disruptions in absolute and relative network statistics • Connectionless, sessionless, stateless • Detection speed inversely proportional to magnitude of attack • Invariant to normal peaks and troughs • Sensitive to attacks

  40. Deployment • Hosting Services • DDoS protection • International/local • peering partners • SP-Controller • Access • Access Core IP Network • NetXplorer • SP-Sensor • SP-Sensor blade* • SP-Sensor blade* • SP-Sensor • Cable Subscribers • NetEnforcer • DSL Subscribers • Service Gateway • Service Gateway • * Availability of Service Protector blade to be announced – expect mid-late ‘08

  41. MediaSwift • Intelligent Media Caching maximizes network efficiency • Accelerates content delivery and provides highest QoE • Reduce delivery costs and improve service quality KEY BENEFITS • Transparent caching of all bandwidth-intensive protocols • Reduce OPEX • Reduction of upstream bandwidth • Wire speed data delivery • Preserves functionality for all Internet services • Scalable multi-gigabit bandwidth generation

  42. Bandwidth Control & Media Acceleration Internet HTTP Traffic • Manages traffic and BW growth • Produces BW savings • Fastest downloads possible • Best Quality of Experience (QoE) • Satisfy user demand for media • Competitive advantage over other ISPs MediaSwift ISP Core Network P2P Traffic ISP Access Network Subscribers HTTP Video P2P Peer Email, HTTP VoIP

  43. Requested file is in the storage File is downloaded from storage Connection with peer is maintained File Download Stopped! FileDownload Keep Alive File Request File Request SG redirects multimedia traffic to/from blade How it Works MediaSwift Blade SG-Sigma ISP User Internet User

  44. Network-based illegal content filtering solution WebSafe • An add-on service for Allot Service Gateway Sigma • Supports encrypted URL blacklists • up to 50,000 entries • Supports Whitelist • Overrides Blacklist in case of over-blocking • Up to 10,000 entries • Multiple enforcement actions: • Redirect or block user

  45. Referencias Administración Pública • Turespaña • Catastro • Servicio Andaluz de Salud • Oficina de Patentes • Forum de Barcelona • Principado de Asturias • Gobierno de La Rioja • Gobierno de Canarias • Gobierno de Navarra • Gobierno de Cantabria • Ayuntamiento de Gijón • Ayuntamiento de Rivas • Ayuntamiento Laguna de Duero • Ayntamiento de Torre Pacheco • Parlamento de Cataluña • Informática Comunidad de Madrid • Estrada Dixital • Hospital Marqués de Valdecilla • Sescam • Xunta de Galicia • Ayunt. Quitanadueñas • Ayunt. de Barcelona Banca y Seguros • BBVA • Banco Sabadell • Santa Lucia • Caixanova • Rural Servicios Informáticos • Agroseguro • BBK • Ibercaja • Cajasegovia • Aseval • Caja Laboral • Ministero de Sanidad • Ministerio de Agricultura • Ministerio de Economía (IGAE) • Marina Mercante • Generalitat Valenciana • Ayuntamiento de Lloret • Dirección General de Aragón (DGA) • Sadesi (Junta de Andalucía) • Junta de Extremadura • Consejería Educación Junta de Andalucía • Parlamento de Vasco • Osakidetza (Servicio Vasco de Salud) • IKT (Gobierno Vasco) • Autoridad Portuaria de Valencia • Dirección Gral de la Policia • Ministerio de Defensa • Ministerio del Interior • Gobierno de Murcia (F. Integra) • Colegio de Registradores • CNMV

  46. Operadores Unión Fenosa Telecomunicaciones Comunitel Neo Sky Fujitsu ASP BT Telecable R PTVTelecom Mcctelecom CableMutua Riosat Everbit Gemytel Más de 10 operadores de Cable regionales WifiOnline Axartel Novatelefonia Cable Sur Epresa Cable Melilla AWA Acorde Telecom Castilla La Mancha Universidades Universidad de Oviedo Universidad de Las Palmas Universidad de Málaga Universidad de Burgos Universidad de Cantabria Universidad de León Universidad Alfonso X el Sabio Universidad Miguel Hernández Universidad de Murcia Universidad de Barcelona Oxford University Press Universidad Pública de Navarra Universidad de La Rioja Escuela universitaria Galileo Galilei Universidad de Jaen Universidad de Huelva Universidad Politécnica de Madrid Universidad de Granada Referencias

  47. Referencias Industria y Empresa • Iron Montain • ENCE • Barceló Viajes • Garden Hotel • Praxair • RTVE • Turespaña • Agroseguro • DHL • Tectotrans • Marmedsa • Mundo Social • Viajes Marsans • Dorna • Telemadrid • Unión Española de Explosivos • Arias • La Cope • MediaPro – La sexta • Museo del prado • Metro de Madrid • Polaris World • Cementos Rohe • Prosegur • Algeposa • Global Interlink • Azertia • Garden Group • Puleva • Albatros • Almirall • Torraspapel • Iberdrola • OHL • Telefónica Soluciones • Blanco Diagomoda • AENA • Radio Televisión Valenciana • Transportes AZKAR • Marítima Bergé • Torraspapel • Singular Kitchen • ABC-Vocento • Ibermática • Redcom • Spainrep • Clar • Roboticker • Ciudad de La Luz • Detinsa • Estrella de Galicia • Plásticos Ferro • Forum de Barcelona • Grupo Urvasco • Grupo Boluda • Armillar • Pipeline Sofware • Punto Acceso • Rodio Cimentaciones • Mtorres • Schneider Electric • Trentinort • Unisono • ACS/dragados • Telepizza

More Related