Presentation is loading. Please wait.

Presentation is loading. Please wait.

Allot Network Intelligence Tomás Gómez de Acuña

Similar presentations


Presentation on theme: "Allot Network Intelligence Tomás Gómez de Acuña"— Presentation transcript:

1 Allot Network Intelligence Tomás Gómez de Acuña

2 2 Allot–At-A-Glance Public company traded on NASDAQ [ALLT] Company Status 250 Employees Israel, Hod Hasharon R&D and Operations Americas: MN, CA, NY, TX, AZ, Brazil Europe: France, UK, Germany, Italy, Spain, Scandinavia Asia/Pac.: Singapore, Japan, Australia WW Sales and Support 1997 Founded More than 9000 units sold in 118 countries More than 700 service providers More than 2060 enterprises and educational inst. Track Record

3 3 Allot Network Intelligence Solution WAN RED LAN / CORE Internet Access Internet VPN/ Leased Line/ MPLS Web, , Citrix Servers Video Citrix Clients SAP/Citrix Oracle VoIP GW PBX Data Center London Office VoIP Paris Office VoIP Tokyo Office VoIP Service Protector SMP Server NetXplorer Server GUI Client NetEnforcer

4 4 Network Intelligence Solution – Main Features Network visibility & Network Intelligence Network troubleshooting Layer 7 Firewall Signature Base, DPI (Deep Packet Inspection) Connection Control Connection limitation per rule Badwidth assignment per connection Data center protection / DoS protection DDoS and Malicious Traffic Control (Service Protector) P2P Control Application Control QoS Bandwidth Management Video Caching (MediaSwift) Block of Illegal Webside URLs (Websafe) Managed Services. Virtual Traffic Control Subscriber Management. Traffic Control per Subscriber Accounting and Billing

5 5 Allot Product Family Subscriber Management Platform (SMP) NetEnforcer NetXplorer & NetXplorer Provisioner Service Protector WebSafe

6 6 NetEnforcer Products AC-400AC-800 AC-1000 AC-2500 Ancho De Banda Ancho De Banda Clientes Internet Access, Local ISPs Pymes y SMB Tier 2-3 Carriers, ISPs, Enterprise Universidades Tier 1, 2 Carriers, ISPs, Enterprise Universidades Enterprise ISPs Universidades 2 a 100 Mb 45 a 310 Mb 155 Mb a 1 Gb 310 Mb a 2,5 Gb Politicas NetXplorer SMP Service Gateway Tier 1, 2 Carriers, ISPs 5 Gb a 40Gb Gb to 20 Gb Tier 1, 2 Carriers, ISPs, Enterprise Universidades AC-10000

7 7 NetEnforcer: Enterprise / Medium SP Platform ModelBandwidthPipesVCs Managed Links AC-40X Monitoring Only100 Mbps1 0244, AC-40X/2M2 Mbps1 0244, AC-40X/6M6 Mbps1 0244, AC-40X/10M10 Mbps1 0244, AC-40X/45M45 Mbps1 0244, AC-40X/100M100 Mbps1 0244, AC-80X Monitoring Only310 Mbps4,09628, AC-80X-C&F45 Mbps4,09628, AC-80X-C&F100 Mbps4,09628, AC-80X-C&F155 Mbps4,09628, AC-80X-C&F310 Mbps4,09628,

8 8 NetEnforcer: SP & Carrier Platform Model Bandwidth Full Duplex PipesVCs Managed Links AC-10X0-Monitoring Only1000 Mbps10,00080, AC-10X0-155M155 Mbps10,00080, AC-10X0-310M310 Mbps10,00080, AC-10X0-620M620 Mbps10,00080, AC-10X0-1000M1000 Mbps10,00080, AC-25X0- Monitoring Only2500 Mbps40,00080, AC-25X0-310M310 Mbps40,00080, AC-25X0-620M620 Mbps40,00080, AC-25X0-1000M1000 Mbps40,00080, AC-25X0-2500M2500 Mbps40,00080,

9 9 31 October 2013 AC10000 Component / FeatureDescription Hardware BladeATCA Chassis Management interface10/100/1000T Traffic Interface2 x 10 GE 4 x 10 GE 8 x 1GE High Availability 1+1 Active Redundancy External Bypass1 per Traffic card Component redundancyInherent redundancy of every component Hot SwapableYes Redundant power SupplyYes TrhoghputUp to 20 Gbps Subscribers Policy SizeUp to 200k Pipes and 400k VCs Concurrent ConnectionsUp to 10M connections (20M flows) New Connections per secUp to 200k new connections per sec (400k new flows)

10 10 31 October 2013 Service Gateway Component / FeatureDescription Hardware BladeATCA Chassis Management interface10/100/1000T Traffic Interface2 x 10 GE 4 x 10 GE 8 X 10 GE 16 x 1 GE High Availability N+1 Redundancy Internal Bypass1 per Traffic card Component redundancyInherent redundancy of every component Hot SwapableYes Redundant power SupplyYes TrhoghputUp to 40 Gbps Subscribers Policy SizeUp to 200k Pipes and 400k VCs Concurrent ConnectionsUp to 10M connections (20M flows) New Connections per secUp to 200k new connections per sec (400k new flows)

11 11 31 October 2013 The Service Gateway Vision DPI Engine Malicious traffic control Monitoring QoS Control URL Filtering Content Caching 3 rd Party Services Future Service... Open platform enabling integration of best-in-class services Network + Subscriber Management

12 12 Service Gateway Redirecction Internet Access Caching URL Filtering IDS Firewall Contect Inspection Reponse Time System Third Party Product RED LAN / CORE Centralized DPI System Reduce System Investment Better Traffic Control Really Intelligent (L7) Forward

13 13 1 & 2 links Topologies 10/100 Ethernet: NE 402/802 1 Giga: NE 802/ Giga: NE / SG 10/100 Ethernet: NE 402/802 1 Giga: NE 802/ Giga: NE / SG Internet NetEnforcer Router Firewall LAN SwitchDMZ NetEnforcer Internet Router Firewall LAN SwitchDMZ LANDMZ WAN NetEnforcer One link Two Links. Redundant Configuration Two Links. Redundant Configuration Two Links. Different Networks Two Links. Different Networks 10/100 Ethernet: NE 404/804 1 Giga: NE 804/1020/ Giga: NE / SG 10/100 Ethernet: NE 404/804 1 Giga: NE 804/1020/ Giga: NE / SG 10/100 Ethernet: NE 404/804 1 Giga: NE 804/1020/ Giga: NE / SG 10/100 Ethernet: NE 404/804 1 Giga: NE 804/1020/ Giga: NE / SG

14 14 4 links Topologies NetEnforcer 10/100 Ethernet: NE Giga: NE 808/ Giga: SG 8 x 10G 10/100 Ethernet: NE Giga: NE 808/ Giga: SG 8 x 10G Four Links. Redundant Configuration. Fully Meshed Four Links. Redundant Configuration. Fully Meshed FourLinks. Different Networks. FourLinks. Different Networks. 10/100 Ethernet: NE Giga: NE 808/ Giga: SG 8 x 10G 10/100 Ethernet: NE Giga: NE 808/ Giga: SG 8 x 10G

15 15 8 links Topologies Eight Links. Different Networks Eight Links. Different Networks Service Gateway: 8 links of 1 giga

16 16 High Availability Active Redundancy Link Redundancy Support Link Router Internet Secondary Normal Scenario Primary Active Primary Primary Bypass Active Mode Secondary Bypass Bypass Mode

17 17 SMP Arquitecture

18 18 SMP Features Subscriber Monitoring Tiered Services Quota Management Portal Time Based Volume Based

19 19 NetXplorer Provisioner Arquitecture NetEnforcer NetXplorer Server RADIUS Server NetXplorer Provisioner Network Operator Users Authentication Policy Modifications and Data Collection Front-end Provisioning and Monitoring Back-end control Internet Users Managed Services: Virtual Traffic & Network Intelligence

20 20 NetXplorer Provisioner (NPP)

21 21 NetXplorer & SMP Arquitecture October 31, 2013 NetXplorer Data Collector GUI Client NetXplorer Server GUI Client Subscriber Management OSS RADIUS/DHCP NetXplorer Data Collector Mediation / Billing NetXplorer Data Collector

22 22 Netxplorer Features Main Features Network Visibility Real Time Monitoring Long Term Monitoring Auto Application Discovery Centralized Policy Management QoS definition L7 Firewalling Port Redirection DoS control Reports Creation Reports Scheduling Events & Alarms

23 Netxplorer Drill Down Capability 23

24 24 Rich Set of Graphs Statistics Utilization Distribution Graphs NetEnforcers Lines / Pipes / VCs Protocols Hosts / Int / Ext / Conversations Subscribers Average Protocol Popularity Typical Time

25 25 NetXplorer Most Active Graphs Reports Top N Available for: Netenforcer Lines, Pipes, Virtual Channels Protocolos Hosts Internal Host External Host Conversations Three Dimensional Graphs

26 26 NetXplorer Data Selection Date & Time Range

27 27 NetXplorer Report Creation Multiple Format Output Reports

28 28 NetXplorer Report Scheduling

29 29 Events & Alarms

30 30 QoS Optimization & Control Unmanaged With Allot Without Allot Allot NetEnforcer Visible and Managed P2P Upload P2P Download VoIP WebTV Video Conferencing Gaming

31 31 NetXplorer Policy Definition Actions Policy Name Conditions

32 Superior DPI technology 32 New dedicated H/W offers scalability & upgradability Based on Allots Next Generation DPI engine S/W with native APU (Allot Protocol Updates) support Advanced Proactive Learning System for finer identification of sophisticated P2P Apps Leader in real time and internet protocols

33 33 Service Catalog

34 Improvement of QoS features 3-level policy control LINE, PIPE & Virtual Channel Expedited Forwarding for real time applications Assured Forwarding for video streaming Drop Precedence for effective BW management (short term peak traffic) Tailored QoS behavior per Application Per Flow Queuing mechanism 34

35 35 QoS Catalog

36 36 DoS & Connection Control DoS Control Connection Control

37 ServiceProtector Protects against DDoS attacks; network attacks; worms; subscriber zombies; spambots Behavior-based ADS (Anomaly Detection System) Facilitates surgical isolation at the network or subscriber level KEY BENEFITS Reduce customer complaints Reduce OPEX Avoid blacklisting Enhance network mgmt Improve network stability Protect key customers Protect revenue streams October 2013

38 38 31 October 2013 ServiceProtectors Main Features Signature free DDoS, Spam and Zombie detection 0 day detection Fully based on traffic behavior 95% rate true positives Fast attack identification. Normally less than 5 min from begin to mitigation On-Fly attack signature creation For Mitigating the attacks Easy and transparent installation Distributed system Multiples sensors with one management console Independent solution No help needed from routers Fully integrated with NetXplorers Network Intelligent System External server or a ATCA blade Up to 10Gbits real-time detection per sensor

39 Network Behavior Anomaly Detection (NBAD) Uses TCP/IP statistics to build behavioral models Identifies disruptions in absolute and relative network statistics Connectionless, sessionless, stateless Detection speed inversely proportional to magnitude of attack Invariant to normal peaks and troughs Sensitive to attacks October 2013 Network attacks disrupt network behavior and the normal relationship between network statistics

40 Deployment October 2013 Core IP Network Access DSL Subscribers NetEnforcer Service Gateway Hosting Services DDoS protection International/local peering partners Cable Subscribers NetXplorer Access Service Gateway SP-Controller SP-Sensor SP-Sensor blade* * Availability of Service Protector blade to be announced – expect mid-late 08

41 MediaSwift Intelligent Media Caching maximizes network efficiency Accelerates content delivery and provides highest QoE Reduce delivery costs and improve service quality KEY BENEFITS Transparent caching of all bandwidth-intensive protocols Reduce OPEX Reduction of upstream bandwidth Wire speed data delivery Preserves functionality for all Internet services Scalable multi-gigabit bandwidth generation October 2013

42 October 31, 2013October 31, 2013October 31, 2013October 31, 2013October 31, 2013October 31, MediaSwift Bandwidth Control & Media Acceleration HTTP VideoP2P Peer VoIP , HTTP HTTP Traffic P2P Traffic Manages traffic and BW growth Produces BW savings Fastest downloads possible Best Quality of Experience (QoE) Satisfy user demand for media Competitive advantage over other ISPs Internet Subscribers ISP Access Network ISP Core Network

43 October 31, How it Works ISP UserInternet User MediaSwift Blade File Request Requested file is in the storage File Download SG-Sigma Stoppe d! File is downloaded from storage SG redirects multimedia traffic to/from blade Connection with peer is maintained Keep Alive

44 WebSafe An add-on service for Allot Service Gateway Sigma Supports encrypted URL blacklists up to 50,000 entries Supports Whitelist Overrides Blacklist in case of over-blocking Up to 10,000 entries Multiple enforcement actions: Redirect or block user October 31, 2013October 31, 2013October 31, 2013October 31, 2013October 31, 2013October 31, Network-based illegal content filtering solution

45 45 Referencias Administración Pública Turespaña Catastro Servicio Andaluz de Salud Oficina de Patentes Forum de Barcelona Principado de Asturias Gobierno de La Rioja Gobierno de Canarias Gobierno de Navarra Gobierno de Cantabria Ayuntamiento de Gijón Ayuntamiento de Rivas Ayuntamiento Laguna de Duero Ayntamiento de Torre Pacheco Parlamento de Cataluña Informática Comunidad de Madrid Estrada Dixital Hospital Marqués de Valdecilla Sescam Xunta de Galicia Ayunt. Quitanadueñas Ayunt. de Barcelona Banca y Seguros BBVA Banco Sabadell Santa Lucia Caixanova Rural Servicios Informáticos Agroseguro BBK Ibercaja Cajasegovia Aseval Caja Laboral Ministero de Sanidad Ministerio de Agricultura Ministerio de Economía (IGAE) Marina Mercante Generalitat Valenciana Ayuntamiento de Lloret Dirección General de Aragón (DGA) Sadesi (Junta de Andalucía) Junta de Extremadura Consejería Educación Junta de Andalucía Parlamento de Vasco Osakidetza (Servicio Vasco de Salud) IKT (Gobierno Vasco) Autoridad Portuaria de Valencia Dirección Gral de la Policia Ministerio de Defensa Ministerio del Interior Gobierno de Murcia (F. Integra) Colegio de Registradores CNMV

46 46 Referencias Operadores Unión Fenosa Telecomunicaciones Comunitel Neo Sky Fujitsu ASP BT Telecable R PTVTelecom Mcctelecom CableMutua Riosat Everbit Gemytel Más de 10 operadores de Cable regionales WifiOnline Axartel Novatelefonia Cable Sur Epresa Cable Melilla AWA Acorde Telecom Castilla La Mancha Universidades Universidad de Oviedo Universidad de Las Palmas Universidad de Málaga Universidad de Burgos Universidad de Cantabria Universidad de León Universidad Alfonso X el Sabio Universidad Miguel Hernández Universidad de Murcia Universidad de Barcelona Oxford University Press Universidad Pública de Navarra Universidad de La Rioja Escuela universitaria Galileo Galilei Universidad de Jaen Universidad de Huelva Universidad Politécnica de Madrid Universidad de Granada

47 47 Referencias Industria y Empresa Iron Montain ENCE Barceló Viajes Garden Hotel Praxair RTVE Turespaña Agroseguro DHL Tectotrans Marmedsa Mundo Social Viajes Marsans Dorna Telemadrid Unión Española de Explosivos Arias La Cope MediaPro – La sexta Museo del prado Metro de Madrid Polaris World Cementos Rohe Prosegur Algeposa Global Interlink Azertia Garden Group Puleva Albatros Almirall Torraspapel Iberdrola OHL Telefónica Soluciones Blanco Diagomoda AENA Radio Televisión Valenciana Transportes AZKAR Marítima Bergé Torraspapel Singular Kitchen ABC-Vocento Ibermática Redcom Spainrep Clar Roboticker Ciudad de La Luz Detinsa Estrella de Galicia Plásticos Ferro Forum de Barcelona Grupo Urvasco Grupo Boluda Armillar Pipeline Sofware Punto Acceso Rodio Cimentaciones Mtorres Schneider Electric Trentinort Unisono ACS/dragados Telepizza

48 48


Download ppt "Allot Network Intelligence Tomás Gómez de Acuña"

Similar presentations


Ads by Google