Presentation is loading. Please wait.

Presentation is loading. Please wait.

Allot Network Intelligence

Similar presentations

Presentation on theme: "Allot Network Intelligence"— Presentation transcript:

1 Allot Network Intelligence
Tomás Gómez de Acuña

2 Allot–At-A-Glance Company Status
Public company traded on NASDAQ [ALLT] Employees 250 R&D and Operations Israel, Hod Hasharon WW Sales and Support Americas: MN, CA, NY, TX, AZ, Brazil Europe: France, UK, Germany, Italy, Spain, Scandinavia Asia/Pac.: Singapore, Japan, Australia Founded 1997 Track Record More than 9000 units sold in 118 countries More than 700 service providers More than 2060 enterprises and educational inst.

3 Allot Network Intelligence Solution
Internet Access Internet Web, , Citrix Servers Video Citrix Clients SAP/Citrix Oracle VoIP GW PBX Data Center London Office VoIP Service Protector NetEnforcer RED LAN / CORE WAN NetEnforcer NetEnforcer VPN/ Leased Line/ MPLS Paris Office VoIP Service Protector NetEnforcer Tokyo Office VoIP SMP Server NetXplorer Server GUI Client

4 Network Intelligence Solution – Main Features
Network visibility & Network Intelligence Network troubleshooting Layer 7 Firewall Signature Base, DPI (Deep Packet Inspection) Connection Control Connection limitation per rule Badwidth assignment per connection Data center protection / DoS protection DDoS and Malicious Traffic Control (Service Protector) P2P Control Application Control QoS Bandwidth Management Video Caching (MediaSwift) Block of Illegal Webside URLs (Websafe) Managed Services. Virtual Traffic Control Subscriber Management. Traffic Control per Subscriber Accounting and Billing

5 Allot Product Family NetEnforcer Service Protector WebSafe
NetXplorer & NetXplorer Provisioner Subscriber Management Platform (SMP)

6 NetEnforcer Products NetXplorer SMP AC-400 AC-800 AC-1000 AC-2500
Service Gateway Ancho De Banda 2 a 100 Mb 45 a 310 Mb 155 Mb a 1 Gb 310 Mb a 2,5 Gb 4 Gb to 20 Gb 5 Gb a 40Gb Politicas 4.000 28.000 80.000 80.000 Internet Access, Local ISPs Pymes y SMB Enterprise ISPs Universidades Tier 2-3 Carriers, ISPs, Enterprise Universidades Tier 1, 2 Carriers, ISPs, Enterprise Universidades Tier 1, 2 Carriers, ISPs, Enterprise Universidades Tier 1, 2 Carriers, ISPs Clientes

7 NetEnforcer: Enterprise / Medium SP Platform
Model Bandwidth Pipes VCs Managed Links AC-40X Monitoring Only 100 Mbps 1 024 4,096 1 - 2 AC-40X/2M 2 Mbps AC-40X/6M 6 Mbps AC-40X/10M 10 Mbps AC-40X/45M 45 Mbps AC-40X/100M AC-80X Monitoring Only 310 Mbps 28,672 AC-80X-C&F 155 Mbps

8 NetEnforcer: SP & Carrier Platform
Model Bandwidth Full Duplex Pipes VCs Managed Links AC-10X0-Monitoring Only 1000 Mbps 10,000 80,000 1-2 AC-10X0-155M 155 Mbps AC-10X0-310M 310 Mbps AC-10X0-620M 620 Mbps AC-10X0-1000M AC-25X0- Monitoring Only 2500 Mbps 40,000 1-2-4 AC-25X0-310M AC-25X0-620M AC-25X0-1000M AC-25X0-2500M

9 AC10000 21 March 2017 Component / Feature Description Hardware Blade
ATCA Chassis Management interface 10/100/1000T Traffic Interface 2 x 10 GE 4 x 10 GE 8 x 1GE High Availability 1+1 Active Redundancy External Bypass 1 per Traffic card Component redundancy Inherent redundancy of every component Hot Swapable Yes Redundant power Supply Trhoghput Up to 20 Gbps Subscribers Policy Size Up to 200k Pipes and 400k VCs Concurrent Connections Up to 10M connections (20M flows) New Connections per sec Up to 200k new connections per sec (400k new flows) 21 March 2017

10 Service Gateway 21 March 2017 Component / Feature Description
Hardware Blade ATCA Chassis Management interface 10/100/1000T Traffic Interface 2 x 10 GE 4 x 10 GE 8 X 10 GE 16 x 1 GE High Availability N+1 Redundancy Internal Bypass 1 per Traffic card Component redundancy Inherent redundancy of every component Hot Swapable Yes Redundant power Supply Trhoghput Up to 40 Gbps Subscribers Policy Size Up to 200k Pipes and 400k VCs Concurrent Connections Up to 10M connections (20M flows) New Connections per sec Up to 200k new connections per sec (400k new flows) 21 March 2017

11 The Service Gateway Vision
Network + Subscriber Management 3rd Party Services Future Service ... Monitoring QoS Control Malicious traffic control URL Filtering Content Caching DPI Engine Open platform enabling integration of best-in-class services 21 March 2017

12 Service Gateway Redirecction
Internet Access Caching URL Filtering IDS Firewall Contect Inspection Reponse Time System Third Party Product RED LAN / CORE Centralized DPI System Reduce System Investment Better Traffic Control Really Intelligent (L7) Forward

13 Redundant Configuration
1 & 2 links Topologies One link Two Links. Redundant Configuration Two Links. Different Networks Internet NetEnforcer Router Firewall LAN Switch DMZ Internet Router Firewall LAN Switch DMZ LAN WAN NetEnforcer NetEnforcer 10/100 Ethernet: NE 402/802 1 Giga: NE 802/1010 10 Giga: NE / SG 10/100 Ethernet: NE 404/804 1 Giga: NE 804/1020/2520 10 Giga: NE / SG 10/100 Ethernet: NE 404/804 1 Giga: NE 804/1020/2520 10 Giga: NE / SG

14 Redundant Configuration.
4 links Topologies Four Links. Redundant Configuration. Fully Meshed FourLinks. Different Networks. NetEnforcer 10/100 Ethernet: NE 808 1 Giga: NE 808/2540 10 Giga: SG 8 x 10G 10/100 Ethernet: NE 808 1 Giga: NE 808/2540 10 Giga: SG 8 x 10G

15 8 links Topologies Service Gateway: 8 links of 1 giga Eight Links.
Different Networks Service Gateway: 8 links of 1 giga

16 Redundancy Support Link Active Redundancy Link
High Availability Redundancy Support Link Active Redundancy Link Router Internet Secondary Normal Scenario Primary Active Primary Primary Bypass Active Mode Secondary Bypass Bypass Mode

17 SMP Arquitecture

18 SMP Features Subscriber Monitoring Tiered Services Quota Management
Time Based Volume Based Portal

19 NetXplorer Provisioner Arquitecture
Managed Services: Virtual Traffic & Network Intelligence Authentication NetXplorer Server RADIUS Server Users Policy Modifications and Data Collection Back-end control Front-end Provisioning and Monitoring Internet Users NetEnforcer NetXplorer Provisioner Network Operator

20 NetXplorer Provisioner (NPP)

21 NetXplorer & SMP Arquitecture
GUI Client GUI Client OSS RADIUS/DHCP Mediation / Billing NetXplorer Server Subscriber Management NetXplorer Data Collector NetXplorer Data Collector NetXplorer Data Collector March 21, 2017

22 Netxplorer Features Main Features Network Visibility
Real Time Monitoring Long Term Monitoring Auto Application Discovery Centralized Policy Management QoS definition L7 Firewalling Port Redirection DoS control Reports Creation Reports Scheduling Events & Alarms

23 Netxplorer Drill Down Capability

24 Rich Set of Graphs Statistics Utilization Distribution Graphs
NetEnforcers Lines / Pipes / VCs Protocols Hosts / Int / Ext / Conversations Subscribers Average Protocol Popularity Typical Time Five main classes of predefined graphs are available in NetXplorer. Statistics graphs: Display the bandwidth consumed over a given period of time by your network, or specific entities within it Utilization graphs: Display the bandwidth consumed on a given entity as a percentage of a pre-defined maximum Object graphs: For each of the objects listed two types of reports are available: Most active object graphs. These display the most active objects over the period defined. The user can determine on what scale to measure “most active” (e.g: total bandwidth consumed, number of new connections, number of inbound packets etc), and of course, the number of “top” objects to view up to a total of 50. Object distribution graphs. These display the distribution of selected objects over the period defined. The user can again determine the scale on which the distribution is measured. Average protocol popularity graphs. Available specifically for the “protocols” object, these reports display protocol statistics, not according to the amount of bandwidth, packets or connections consumed, but according to the number of subscribers who used these protocols during the defined period. Typical time graphs: Display the results for any of the above graphs as a typical day or a typical week for the time period defined.

25 NetXplorer Most Active Graphs
Reports Top N Available for: Netenforcer Lines, Pipes, Virtual Channels Protocolos Hosts Internal Host External Host Conversations Three Dimensional Graphs

26 NetXplorer Data Selection
Date & Time Range

27 NetXplorer Report Creation
Multiple Format Output Reports

28 NetXplorer Report Scheduling

29 Events & Alarms

30 QoS Optimization & Control
Without Allot With Allot P2P Upload P2P Download Visible and Managed Unmanaged VoIP WebTV Video Conferencing Gaming Allot NetEnforcer

31 NetXplorer Policy Definition
Policy Name Conditions Actions

32 Superior DPI technology
New dedicated H/W offers scalability & upgradability Based on Allot’s Next Generation DPI engine S/W with native APU (Allot Protocol Updates) support Advanced Proactive Learning System for finer identification of sophisticated P2P Apps Leader in real time and internet protocols

33 Service Catalog

34 Improvement of QoS features
3-level policy control LINE, PIPE & Virtual Channel Expedited Forwarding for real time applications Assured Forwarding for video streaming Drop Precedence for effective BW management (short term peak traffic) Tailored QoS behavior per Application Per Flow Queuing mechanism

35 QoS Catalog

36 DoS & Connection Control
DoS Control Connection Control

37 ServiceProtector Protects against DDoS attacks; network attacks; worms; subscriber zombies; spambots Behavior-based ADS (Anomaly Detection System) Facilitates surgical isolation at the network or subscriber level KEY BENEFITS Reduce customer complaints Reduce OPEX Avoid blacklisting Enhance network mgmt Improve network stability Protect key customers Protect revenue streams 21 March 2017

38 ServiceProtector’s Main Features
Signature free DDoS, Spam and Zombie detection 0 day detection Fully based on traffic behavior <5% false positives, >95% rate true positives Fast attack identification. Normally less than 5 min from begin to mitigation “On-Fly” attack signature creation For Mitigating the attacks Easy and transparent installation Distributed system Multiples sensors with one management console Independent solution No help needed from routers Fully integrated with NetXplorer’s Network Intelligent System External server or a ATCA blade Up to 10Gbits real-time detection per sensor 38 21 March 2017 38 38

39 Network Behavior Anomaly Detection (NBAD)
Network attacks disrupt network behavior and the normal relationship between network statistics Uses TCP/IP statistics to build behavioral models Identifies disruptions in absolute and relative network statistics Connectionless, sessionless, stateless Detection speed inversely proportional to magnitude of attack Invariant to normal peaks and troughs Sensitive to attacks 21 March 2017

40 Deployment SP-Controller SP-Sensor SP-Sensor blade* SP-Sensor
NetXplorer SP-Sensor Cable Subscribers SP-Sensor blade* SP-Sensor Core IP Network Access DSL Subscribers SP-Sensor blade* International/local peering partners NetEnforcer Service Gateway ServiceProtector is deployed where you need protection; at key aggregation points usually next to the threat; use enforcement devices such as NetEnforcer or Service Gateway appliances for blocking, limiting or redirecting offending traffic; alternatively use network infrastructure like BRAS or routers or even network security devices; ServiceProtector has a passive network probe appliance called the ServiceProtector Sensor that listens to network traffic from optical taps (as shown here) or via port mirror or port SPAN; In the near future, the ServiceProtector Sensor will also be implemented as a blade on the Service Gateway; In the meantime, the Sensor appliance can deployed as an appliance via optical taps or port SPAN; Each Sensor communicates with a central management, storage, and reporting appliance called the ServiceProtector Controller; A Controller can manage either kind of Sensor with no need to expand the storage (unless desired). This is because ServiceProtector uses summarized metadata about the traffic so its storage requirements will not scale linearly in proportion to the amount of traffic; Controller can manage up to 16 Sensors; NOTE: Passive deployment of Sensors – not inline Do not require collection intrusive collection of flow records from routers Can automatically capture packets and flows from the network for analysis, real-time signature creation and verification 10GE Sensors do not substantially increase the volume of data compared with 1GE Sensors Access Hosting Services DDoS protection Service Gateway * Availability of Service Protector blade to be announced – expect mid-late ‘08 21 March 2017

41 MediaSwift Intelligent Media Caching maximizes network efficiency
Accelerates content delivery and provides highest QoE Reduce delivery costs and improve service quality KEY BENEFITS Transparent caching of all bandwidth-intensive protocols Reduce OPEX Reduction of upstream bandwidth Wire speed data delivery Preserves functionality for all Internet services Scalable multi-gigabit bandwidth generation 21 March 2017

42 Bandwidth Control & Media Acceleration
Internet HTTP Traffic Manages traffic and BW growth Produces BW savings Fastest downloads possible Best Quality of Experience (QoE) Satisfy user demand for media Competitive advantage over other ISPs MediaSwift P2P Traffic ISP Core Network ISP Access Network Subscribers HTTP Video P2P Peer VoIP , HTTP March 21, 2017March 21, 2017March 21, 2017March 21, 2017March 21, 2017

43 How it Works Stopped! Requested file is in the storage
File is downloaded from storage MediaSwift Blade Connection with peer is maintained File Request File Download File Request Keep Alive File Download Stopped! SG-Sigma ISP User Internet User SG redirects multimedia traffic to/from blade March 21, 2017

44 Network-based illegal content filtering solution
WebSafe Network-based illegal content filtering solution An add-on service for Allot Service Gateway Sigma Supports encrypted URL blacklists up to 50,000 entries Supports Whitelist Overrides Blacklist in case of over-blocking Up to 10,000 entries Multiple enforcement actions: Redirect or block user March 21, 2017March 21, 2017March 21, 2017March 21, 2017March 21, 2017

45 Referencias Banca y Seguros BBVA Banco Sabadell Santa Lucia Caixanova
Rural Servicios Informáticos Agroseguro BBK Ibercaja Cajasegovia Aseval Caja Laboral Administración Pública Turespaña Catastro Servicio Andaluz de Salud Oficina de Patentes Forum de Barcelona Principado de Asturias Gobierno de La Rioja Gobierno de Canarias Gobierno de Navarra Gobierno de Cantabria Ayuntamiento de Gijón Ayuntamiento de Rivas Ayuntamiento Laguna de Duero Ayntamiento de Torre Pacheco Parlamento de Cataluña Informática Comunidad de Madrid Estrada Dixital Hospital Marqués de Valdecilla Sescam Xunta de Galicia Ayunt. Quitanadueñas Ayunt. de Barcelona Ministero de Sanidad Ministerio de Agricultura Ministerio de Economía (IGAE) Marina Mercante Generalitat Valenciana Ayuntamiento de Lloret Dirección General de Aragón (DGA) Sadesi (Junta de Andalucía) Junta de Extremadura Consejería Educación Junta de Andalucía Parlamento de Vasco Osakidetza (Servicio Vasco de Salud) IKT (Gobierno Vasco) Autoridad Portuaria de Valencia Dirección Gral de la Policia Ministerio de Defensa Ministerio del Interior Gobierno de Murcia (F. Integra) Colegio de Registradores CNMV

46 Referencias Universidades Universidad de Oviedo
Operadores Unión Fenosa Telecomunicaciones Comunitel Neo Sky Fujitsu ASP BT Telecable R PTVTelecom Mcctelecom CableMutua Riosat Everbit Gemytel Más de 10 operadores de Cable regionales WifiOnline Axartel Novatelefonia Cable Sur Epresa Cable Melilla AWA Acorde Telecom Castilla La Mancha Universidades Universidad de Oviedo Universidad de Las Palmas Universidad de Málaga Universidad de Burgos Universidad de Cantabria Universidad de León Universidad Alfonso X el Sabio Universidad Miguel Hernández Universidad de Murcia Universidad de Barcelona Oxford University Press Universidad Pública de Navarra Universidad de La Rioja Escuela universitaria Galileo Galilei Universidad de Jaen Universidad de Huelva Universidad Politécnica de Madrid Universidad de Granada

47 Referencias Industria y Empresa Iron Montain ENCE Barceló Viajes
Garden Hotel Praxair RTVE Turespaña Agroseguro DHL Tectotrans Marmedsa Mundo Social Viajes Marsans Dorna Telemadrid Unión Española de Explosivos Arias La Cope MediaPro – La sexta Museo del prado Metro de Madrid Polaris World Cementos Rohe Prosegur Algeposa Global Interlink Azertia Garden Group Puleva Albatros Almirall Torraspapel Iberdrola OHL Telefónica Soluciones Blanco Diagomoda AENA Radio Televisión Valenciana Transportes AZKAR Marítima Bergé Singular Kitchen ABC-Vocento Ibermática Redcom Spainrep Clar Roboticker Ciudad de La Luz Detinsa Estrella de Galicia Plásticos Ferro Forum de Barcelona Grupo Urvasco Grupo Boluda Armillar Pipeline Sofware Punto Acceso Rodio Cimentaciones Mtorres Schneider Electric Trentinort Unisono ACS/dragados Telepizza


Download ppt "Allot Network Intelligence"

Similar presentations

Ads by Google