《AceNet流控墙产品培训》由会员分享,可在线阅读,更多相关《AceNet流控墙产品培训(77页珍藏版)》请在金锄头文库上搜索。
1、,2007.08,,AceNet 流控墙产品培训,2,日程,1. 流控墙产品设计背景,2. AceNet流控墙,3. 流控墙能给用户带来的好处,4. 推荐流控墙给潜在用户,5. FAQ,3,日程,1. 流控墙产品设计背景,2. AceNet流控墙,3. 流控墙能给用户带来的好处,4. 推荐流控墙给潜在用户,5. FAQ,4,各种用户连入网络,P2P、IM各种应用带来的挑战,各种业务在网络开展,对网络提出更高要求,多条链路,多出口需要更加策略化的使用,网络应用的变迁带来的挑战,5,网络带宽占用比例,6,P2P占用网络带宽比例,7,用户网络行为模型的变化,每个用户的开启的应用程序在增加 单个用户的
2、并发连接数也在迅速增加 UDP报文在迅速增加,过去,现在,8,流量安全变得越来越重要,流量可视性,流量可控性,流量可追溯性,流量安全,9,挑战对设备要求的改变,传统网络设备不能在L7应用层分析数据流量,防火墙的设计性能不满足新应用需求,需要流量的带宽保障,新设备来进行 综合流量管理,10,现有设备的叠加方案1,防火墙,流量控制,DMZ,Internet,Internet,内网,11,现有设备的叠加方案2,防火墙,流量控制,DMZ,Internet,Internet,内网,12,AceNet的流控墙解决方案,DMZ,ISP1,ISP2,AceNet流控墙,内网,13,日程,1. 流控墙产品设计背
3、景,2. AceNet流控墙,3. 流控墙能给用户带来的好处,4. 推荐流控墙给潜在用户,5. FAQ,14,AceNet 公司介绍,Found in 2003 Headquarters in Santa Clara, California, USA Manufacturing site: China and Taiwan Sale Offices: Beijing , Shanghai , Taipei R&D: Santa Clara in USA , Shenzhen in China Extensive Network and Distributed environment exper
4、ience Backgrounds of IC design , Networking and Communications AceNet delivers Wire-Speed, High-performance, comprehensive, policy-based, IP Services and Security Control appliance. Sales Awareness Product release 2nd half of 2006. Implement up to 50+ customers Penetrated Education ,Enterprise ,Heal
5、thcare ,Service Provider market sector,15,AceNet 流控墙,防火墙,多出口策略,流量管理,Security control,Service control,流量的应用层识别、分析控制和安全组合的领先产品 SSPP专用集成芯片为核心 高性能产品,AceNet 流控墙,16,SSPPTM 业务流策略处理器,Service Session Policy Processor 业务流策略处理器,AceNet设计的流量安全的专用集成电路,3千万逻辑门以上级专用芯片,革命性的集成L2L7处理芯片,高达10Gbps的处理量,17,Business Intellig
6、ence Real time ,Alerts , Reports,Adaptive CapabilityTransparent ,Routing ,NAT,System Scalability 100M to 4.8G at Wire-Speed,Policy Enforcement IP ,Subnet ,User ,Group ,Schedule etc.,L7 Service Control QoS ,Bandwidth Guarantee,Application Visibility Video,VoIP,P2P/IM,hhttp,email etc.,ASIC SSPP,SSPPTM
7、 系统先进性,18,Service Control,P2P Traffic Control,Security Control,+,=,Security,Business Traffic,Audit Trail,P2P Application Analysis P2P Behavior Monitoring P2P Bandwidth Control,Optimize Bandwidth Policy-based traffic control Multi-homing Load Balance Traffic Statistic Dynamic Bandwidth control,NAT/PA
8、T User Authentication & Authorization User Blacklist User/Group IP traffic comtrol,IM / P2P / FTP log URL / email log,AceNet 流控墙应用点,19,R,R,R,R,R,R,Bandwidth,Qos,Concurrent Session,Base Subnet,Base User,Base IP,Base Group,Base Schedule,Policy,Policy,Policy,Policy,Policy,AceNet 流控墙多层次流控,20,WAN Load ba
9、lance,Concurrent Session,Application QoS,Bandwidth,强大的策略引擎,21,Layer 3,Layer 2,Layer 1,Protocol or Application,Schedule,User,BT , FOXY , QQ , eDonkey , Skype , MSN , Yahoo H.323 , SIP HTTP , FTP , Telnet , IPSec .,Hour , Day , Week , Month,Mapping with Radius , LDAP , POP3,3 层次的业务流管理,Maximize control
10、lable capacityEmpower access scalabilityServices flexibility,22,Analysis ModuleL7 DPI,Action ModuleQoS, Rate-limit Pass-through,log,BT, Emule.,Http,IM(MSN),Http(QoS),IM(MSN),Traffic Monitor,PP Stream,PP Stream,Rate-limit,AceNet SSPPTM,AceNet 流控墙SSPP中的流控模块,流量控制采用TCP Friendly Shaping P2P识别采用特征码和行为模型结合
11、方式,23,New Session Rate 70000210000/s,AceNets Traffic Delay: 0.022ms (max.),AG流控墙系统性能 Wire speed,24,Performance Report,Servegate EdgeForce Fortinet Nortel ASF185FE CISCO PIX525,Netscreen AceNet AG3000,This is the test result from a China Telecom. The ones with model name are most middle-end USA produ
12、ct. Test result of AceNet is from NCTU, TaiwanThe Curves, from low to high in 64 byte packet are the following vendors from top to buttom, left column and then right columnThe y-axis is the access rate instead of the throughput. Most of the tested products are subgigabit product (multiple FE ports).
13、 e.g. NS-208s is 550Mbps. AceNet is targeting 100% access rate of throughput 2000 Mbps,AceNets Traffic Delay: 0.022ms (max.),25,Session Connection Rate,26,26,Instant Message,VoIP,Azureus,File Sharing & Streaming,Instant Message,and rapid update.,Signature and Behavioral Recognition,27,P2P行为分析,28,P2P
14、行为分析,29,业务流控制图,Analysis chart of network usage BT and PPlive occupied 80% of the bandwidth From 21:30 21:50, BT was controlled under 200Mbps, and around 21:40, PP live is rate limited too.,30,IM 控制,Support rich of IM applications and deny by chat ,voice and file transfer .Besides , chat message woul
15、d be recording by AceReporter.,IM Log- MSN,Control by behavior,31,P2P 控制,Deny the specific P2P application or assign the bandwidth and limit the session.,return,32,BlackList Setting,Administrator define the traffic quota by day/week/month/quarter/year on every user .If the user exceed the traffic li
16、mit then will be classify as “Blacklist” and system automatically enable SOQ feature of service , the default rule is suspend service for 1 day. Besides, its manageable of suspend user from Blacklist table.,Blacklist Users,Cycling of quota,33,Suspend on Quota (SOQ),Once you has exceed the service quota which pre-defined by network administrator , a warning message will pop-up when any internet access enabling and suspend client services automatically.,
