610 likes | 949 Views
Allot Network Intelligence. Tomás Gómez de Acuña tgomez@allot.com. Allot–At-A-Glance. Company Status. Public company traded on NASDAQ [ALLT]. Employees. 250. R&D and Operations. Israel, Hod Hasharon.
E N D
Allot Network Intelligence Tomás Gómez de Acuña tgomez@allot.com
Allot–At-A-Glance Company Status Public company traded on NASDAQ [ALLT] Employees 250 R&D and Operations Israel, Hod Hasharon Americas: MN, CA, NY, TX, AZ, BrazilEurope: France, UK, Germany, Italy, Spain, Scandinavia Asia/Pac.: Singapore, Japan, Australia WW Sales and Support Founded 1997 More than 9000 units sold in 118 countries More than 700 service providers More than 2060 enterprises and educational inst. Track Record
VoIP London Office VoIP Paris Office VoIP Tokyo Office Allot Network Intelligence Solution Internet Access Internet Data Center Citrix Clients NetEnforcer WAN RED LAN / CORE Web, Email, Citrix Servers NetEnforcer NetEnforcer VPN/Leased Line/MPLS SAP/CitrixOracle Video Service Protector Service Protector VoIP GW PBX NetEnforcer NetXplorerServer GUI Client SMP Server
Network Intelligence Solution – Main Features • Network visibility & Network Intelligence • Network troubleshooting • Layer 7 Firewall • Signature Base, DPI (Deep Packet Inspection) • Connection Control • Connection limitation per rule • Badwidth assignment per connection • Data center protection / DoS protection • DDoS and Malicious Traffic Control (Service Protector) • P2P Control • Application Control • QoS Bandwidth Management • Video Caching (MediaSwift) • Block of Illegal Webside URLs (Websafe) • Managed Services. Virtual Traffic Control • Subscriber Management. Traffic Control per Subscriber • Accounting and Billing
Allot Product Family Service Protector NetEnforcer WebSafe NetXplorer & NetXplorerProvisioner Subscriber Management Platform (SMP)
NetEnforcer Products NetXplorer SMP AC-400 AC-800 AC-1000 AC-10000 Service Gateway AC-2500 Ancho De Banda 2 a 100 Mb 45 a 310 Mb 155 Mb a 1 Gb 310 Mb a 2,5 Gb 5 Gb a 40Gb 4 Gb to 20 Gb Politicas 4.000 28.000 80.000 80.000 400.000 400.000 Internet Access,Local ISPs Pymes y SMB Tier 1, 2Carriers, ISPs Tier 1, 2Carriers, ISPs, EnterpriseUniversidades Tier 1, 2Carriers, ISPs, EnterpriseUniversidades Tier 2-3 Carriers,ISPs,EnterpriseUniversidades EnterpriseISPs Universidades Clientes
Monitoring QoSControl Malicious traffic control URLFiltering Content Caching The Service Gateway Vision Network + Subscriber Management 3rd PartyServices FutureService ... DPI Engine Open platform enabling integrationof best-in-class services
Service Gateway Redirecction Internet Access • Caching • URL Filtering • IDS • Firewall • Contect Inspection • Reponse Time System Third Party Product RED LAN / CORE Centralized DPI System • Reduce System Investment • Better Traffic Control • Really Intelligent (L7) Forward
Internet Internet Router Router WAN LAN DMZ NetEnforcer NetEnforcer Firewall Firewall NetEnforcer LAN Switch DMZ LAN Switch DMZ 1 & 2 links Topologies Two Links. Different Networks One link Two Links. RedundantConfiguration • 10/100 Ethernet: NE 402/802 • 1 Giga: NE 802/1010 • 10 Giga: NE 10100 / SG • 10/100 Ethernet: NE 404/804 • 1 Giga: NE 804/1020/2520 • 10 Giga: NE 10200 / SG • 10/100 Ethernet: NE 404/804 • 1 Giga: NE 804/1020/2520 • 10 Giga: NE 10200 / SG
NetEnforcer 4 links Topologies Four Links. RedundantConfiguration. Fully Meshed FourLinks. Different Networks. • 10/100 Ethernet: NE 808 • 1 Giga: NE 808/2540 • 10 Giga: SG 8 x 10G • 10/100 Ethernet: NE 808 • 1 Giga: NE 808/2540 • 10 Giga: SG 8 x 10G
8 links Topologies Eight Links. Different Networks • Service Gateway: 8 links of 1 giga
ActiveRedundancyLink RedundancySupportLink Normal Scenario Primary Active Internet Primary BypassActive Mode Primary Secondary BypassBypass Mode Router Secondary High Availability
SMP Features Subscriber Monitoring Tiered Services Quota Management • Time Based • Volume Based Portal
NetXplorer Provisioner Arquitecture ManagedServices: Virtual Traffic & Network Intelligence Authentication NetXplorer Server RADIUS Server Users Policy Modifications and Data Collection Back-end control Front-end Provisioning and Monitoring Internet Users NetEnforcer NetXplorer Provisioner Network Operator
NetXplorer & SMP Arquitecture GUI Client GUI Client OSS RADIUS/DHCP Mediation / Billing NetXplorer Server Subscriber Management NetXplorer DataCollector NetXplorer DataCollector NetXplorer DataCollector
Netxplorer Features MainFeatures • Network Visibility • Real Time Monitoring • Long TermMonitoring • Auto ApplicationDiscovery • CentralizedPolicy Management • QoSdefinition • L7 Firewalling • Port Redirection • DoS control • ReportsCreation • ReportsScheduling • Events & Alarms
Rich Set of Graphs • Statistics • Utilization • Distribution Graphs • NetEnforcers • Lines / Pipes / VCs • Protocols • Hosts / Int / Ext / • Conversations • Subscribers • Average Protocol Popularity • Typical Time
NetXplorer Most Active Graphs Available for: Netenforcer Lines, Pipes, Virtual Channels Protocolos Hosts Internal Host External Host Conversations Reports Top N Three Dimensional Graphs
NetXplorer Data Selection Date & Time Range
NetXplorer Report Creation MultipleFormat Output Reports
QoS Optimization & Control Without Allot With Allot P2P Upload P2P Download Visible and Managed VoIP WebTV Video Conferencing Unmanaged Gaming email Allot NetEnforcer
Actions Conditions Policy Name NetXplorer Policy Definition
Superior DPI technology • New dedicated H/W offers scalability & upgradability • Based on Allot’s Next Generation DPI engine S/W with native APU (Allot Protocol Updates) support • Advanced Proactive Learning System for finer identification of sophisticated P2P Apps • Leader in real time and internet protocols
Improvement of QoS features • 3-level policy control • LINE, PIPE & Virtual Channel • Expedited Forwarding for real time applications • Assured Forwarding for video streaming • Drop Precedence for effective BW management (short term peak traffic) • Tailored QoS behavior per Application • Per Flow Queuing mechanism
DoS & Connection Control DoS Control Connection Control
ServiceProtector • Protects against DDoS attacks; network attacks; worms; subscriber zombies; spambots • Behavior-based ADS (Anomaly Detection System) • Facilitates surgical isolation at the network or subscriber level KEY BENEFITS • Reduce customer complaints • Reduce OPEX • Avoid email blacklisting • Enhance network mgmt • Improve network stability • Protect key customers • Protect revenue streams
ServiceProtector’s Main Features Signature free DDoS, Spam and Zombie detection 0 day detection Fully based on traffic behavior <5% false positives, >95% rate true positives Fast attack identification. Normally less than 5 min from begin to mitigation “On-Fly” attack signature creation For Mitigating the attacks Easy and transparent installation Distributed system Multiples sensors with one management console Independent solution No help needed from routers Fully integrated with NetXplorer’s Network Intelligent System External server or a ATCA blade Up to 10Gbits real-time detection per sensor 38 24 August 2014
Network Behavior Anomaly Detection (NBAD) • Network attacks disrupt network behavior and the normal relationship between network statistics • Uses TCP/IP statistics to build behavioral models • Identifies disruptions in absolute and relative network statistics • Connectionless, sessionless, stateless • Detection speed inversely proportional to magnitude of attack • Invariant to normal peaks and troughs • Sensitive to attacks
Deployment • Hosting Services • DDoS protection • International/local • peering partners • SP-Controller • Access • Access Core IP Network • NetXplorer • SP-Sensor • SP-Sensor blade* • SP-Sensor blade* • SP-Sensor • Cable Subscribers • NetEnforcer • DSL Subscribers • Service Gateway • Service Gateway • * Availability of Service Protector blade to be announced – expect mid-late ‘08
MediaSwift • Intelligent Media Caching maximizes network efficiency • Accelerates content delivery and provides highest QoE • Reduce delivery costs and improve service quality KEY BENEFITS • Transparent caching of all bandwidth-intensive protocols • Reduce OPEX • Reduction of upstream bandwidth • Wire speed data delivery • Preserves functionality for all Internet services • Scalable multi-gigabit bandwidth generation
Bandwidth Control & Media Acceleration Internet HTTP Traffic • Manages traffic and BW growth • Produces BW savings • Fastest downloads possible • Best Quality of Experience (QoE) • Satisfy user demand for media • Competitive advantage over other ISPs MediaSwift ISP Core Network P2P Traffic ISP Access Network Subscribers HTTP Video P2P Peer Email, HTTP VoIP
Requested file is in the storage File is downloaded from storage Connection with peer is maintained File Download Stopped! FileDownload Keep Alive File Request File Request SG redirects multimedia traffic to/from blade How it Works MediaSwift Blade SG-Sigma ISP User Internet User
Network-based illegal content filtering solution WebSafe • An add-on service for Allot Service Gateway Sigma • Supports encrypted URL blacklists • up to 50,000 entries • Supports Whitelist • Overrides Blacklist in case of over-blocking • Up to 10,000 entries • Multiple enforcement actions: • Redirect or block user
Referencias Administración Pública • Turespaña • Catastro • Servicio Andaluz de Salud • Oficina de Patentes • Forum de Barcelona • Principado de Asturias • Gobierno de La Rioja • Gobierno de Canarias • Gobierno de Navarra • Gobierno de Cantabria • Ayuntamiento de Gijón • Ayuntamiento de Rivas • Ayuntamiento Laguna de Duero • Ayntamiento de Torre Pacheco • Parlamento de Cataluña • Informática Comunidad de Madrid • Estrada Dixital • Hospital Marqués de Valdecilla • Sescam • Xunta de Galicia • Ayunt. Quitanadueñas • Ayunt. de Barcelona Banca y Seguros • BBVA • Banco Sabadell • Santa Lucia • Caixanova • Rural Servicios Informáticos • Agroseguro • BBK • Ibercaja • Cajasegovia • Aseval • Caja Laboral • Ministero de Sanidad • Ministerio de Agricultura • Ministerio de Economía (IGAE) • Marina Mercante • Generalitat Valenciana • Ayuntamiento de Lloret • Dirección General de Aragón (DGA) • Sadesi (Junta de Andalucía) • Junta de Extremadura • Consejería Educación Junta de Andalucía • Parlamento de Vasco • Osakidetza (Servicio Vasco de Salud) • IKT (Gobierno Vasco) • Autoridad Portuaria de Valencia • Dirección Gral de la Policia • Ministerio de Defensa • Ministerio del Interior • Gobierno de Murcia (F. Integra) • Colegio de Registradores • CNMV
Operadores Unión Fenosa Telecomunicaciones Comunitel Neo Sky Fujitsu ASP BT Telecable R PTVTelecom Mcctelecom CableMutua Riosat Everbit Gemytel Más de 10 operadores de Cable regionales WifiOnline Axartel Novatelefonia Cable Sur Epresa Cable Melilla AWA Acorde Telecom Castilla La Mancha Universidades Universidad de Oviedo Universidad de Las Palmas Universidad de Málaga Universidad de Burgos Universidad de Cantabria Universidad de León Universidad Alfonso X el Sabio Universidad Miguel Hernández Universidad de Murcia Universidad de Barcelona Oxford University Press Universidad Pública de Navarra Universidad de La Rioja Escuela universitaria Galileo Galilei Universidad de Jaen Universidad de Huelva Universidad Politécnica de Madrid Universidad de Granada Referencias
Referencias Industria y Empresa • Iron Montain • ENCE • Barceló Viajes • Garden Hotel • Praxair • RTVE • Turespaña • Agroseguro • DHL • Tectotrans • Marmedsa • Mundo Social • Viajes Marsans • Dorna • Telemadrid • Unión Española de Explosivos • Arias • La Cope • MediaPro – La sexta • Museo del prado • Metro de Madrid • Polaris World • Cementos Rohe • Prosegur • Algeposa • Global Interlink • Azertia • Garden Group • Puleva • Albatros • Almirall • Torraspapel • Iberdrola • OHL • Telefónica Soluciones • Blanco Diagomoda • AENA • Radio Televisión Valenciana • Transportes AZKAR • Marítima Bergé • Torraspapel • Singular Kitchen • ABC-Vocento • Ibermática • Redcom • Spainrep • Clar • Roboticker • Ciudad de La Luz • Detinsa • Estrella de Galicia • Plásticos Ferro • Forum de Barcelona • Grupo Urvasco • Grupo Boluda • Armillar • Pipeline Sofware • Punto Acceso • Rodio Cimentaciones • Mtorres • Schneider Electric • Trentinort • Unisono • ACS/dragados • Telepizza