Technology Showcase: Intelligent NAT Integration
- Kory Jefferson
- 7 years ago
Transcription
Contents
- Executive Summary
- Overview
- The Need to Maintain Subscriber Awareness
- Seamless NAT Integration
- A New Point of Reference
- Pre-NAT Integration Session Qualifiers
- Sandvine before the NAT
- Signal flow
- Post-NAT Integration Port-Range Mappings
- Sandvine after the NAT
- Signal flow
- The Advantage of SandScript for Seamless Integration
- The Role of Business Intelligence for IPv6 Transition
- Conclusion

Executive Summary

As the Internet moves to the use of IPv6 addressing, each communications service provider (CSP) is presented with various challenges and choices in making the transition. IPv4 address exhaustion is an issue for many network operators. Networks can accommodate overlapping IPv4 addresses by using Network Address Translation (NAT) to manage the translation of private and public IP addresses. However, this complicates the process of obtaining subscriber-awareness for accurate service innovation and advanced traffic optimization. Subscriber-awareness is essential for modern network policies that generate revenue and save costs.

A standalone network policy control solution should seamlessly integrate with the network's NAT operations so it continues to deliver subscriber-aware policy according to the primary benefits of its design. This paper explores Sandvine's approach to enabling modern Layer-7 use cases with full subscriber-awareness in the presence of NAT and overlapping IPv4 addresses through seamless integration.

Overview

Today's communications service provider (CSP) is either working on, or planning, the transition to IPv6. The last blocks of IPv4 addresses were allocated by the Internet Assigned Numbers Authority (IANA) in February. By using Network Address Translation (NAT), CSPs can meet the demands of applications and devices that are expected to continue to use IPv4 addressing for the foreseeable future. Using NAT allows a CSP to translate one public IPv4 address into many private addresses that are closed within a specific sector of the network.

But there are consequences to employing NAT in the network to deal with the temporary problem of IPv4 address exhaustion, especially when a CSP has or plans to deploy a modern network policy control solution. NAT breaks the end-to-end addressing required by many applications, and eliminates a network policy control's ability to be continuously aware of which subscribers are utilizing specific data flows in the network (what Sandvine calls subscriber-awareness). For this reason, the use of NAT is often perceived as an imperfect solution to a transient problem as the Internet transitions to IPv6 addressing for Layer-3 data transport.

In terms of network policy control, subscriber-awareness is crucial for anything but the most basic business intelligence, service creation, and traffic optimization policies. Without it, services cannot be offered to subscribers, not even simple speed tiers. Operators need new services and traffic optimization technologies to remain competitive. When it comes to the use of NAT in managing the transition to IPv6, many CSPs are faced with the prospect of having to gut the functionality and benefits of even the most basic subscriber-aware solutions. The approach to maintaining subscriber awareness in the presence of NAT and overlapping addresses determines a CSP's ability to support next-generation use cases and anticipate future change.

A standalone network policy control solution should seamlessly integrate with the network's NAT operations so it continues to deliver the primary benefits of its design:
- A dedicated policy control application function for the network
- Deployment flexibility independent from network transport architecture
- Full traffic visibility with consistent, network-wide policy application

The Need to Maintain Subscriber Awareness

Modern network policy control use cases, such as usage management based on Layer-7 application quotas and automated network congestion management, require the ability to accurately associate Internet data traffic with the specific subscribers that are generating it. The most common method of achieving subscriber awareness is to associate a subscriber's IP address with a unique network login identifier tied to the subscriber's specific account. In a standalone solution, as an element intersects and inspects the network data stream it associates specific data flows with specific subscribers using the coupling of IP address and network identifier. A modern network policy control solution maintains the subscriber-aware state in real time, which in some cases means tracking millions of flows per second while associating each one with the correct subscriber.

When NAT is in use, the subscriber's IP address is no longer an end-to-end passport for determining their identity for the purposes of network policy control. There is no longer a direct method of obtaining the public IP currently assigned to a specific subscriber data session. To integrate properly with the NAT function, a network policy control solution must extend the model that associates data sessions with subscribers to use more than just a subscriber's IP address at the moment of network attachment.

Seamless NAT Integration

To accommodate the presence of NAT, a network policy control solution needs a method of qualifying data sessions to associate them with the correct subscribers. Sandvine's approach is to offer a solution that ensures seamless integration into the service provider's network and NAT architecture so that Layer-7 subscriber-aware policies continue to occur as they did before, without constraining either feature. This means using a new point of reference for situations where the network policy control solution must apply subscriber-aware policy to traffic in environments with overlapping IP addresses, or after the NAT function has been performed.

A New Point of Reference

In pre-NAT deployments, where data is intersected prior to the NAT function taking place, the reference point should be based on partitioning the network and segmenting it into zones where IPv4 addresses are unique. These zones are expressed in the baseline network policy that governs subscriber awareness. For example, a site number associated with a specific part of the network can serve as the anchor value for determining and maintaining subscriber state. A key step is to determine unique sites within a network so they can be identified by a number.

In the case where the translation function has already occurred when the PTS intersects the data stream, the network policy control solution must integrate with the NAT translation matrix, which is typically a mapping of IP addresses to TCP port ranges. This table of port mappings can be provided to the DPI device inspecting traffic to derive the actual source IP for an end-to-end awareness of subscriber data usage. The network policy control solution must be able to negotiate the new value or reference point in real time while continuing to inspect Layer-7 traffic at millions of flows per second.

Pre-NAT Integration Session Qualifiers

Beneath the product policy layer, Sandvine uses a reference point called a session qualifier that is configured in the field to secure subscriber awareness. The session qualifier is a component of the Sandvine Policy Engine that expands the session model used for baseline subscriber awareness in policy. A session qualifier is an expressed value that commonly represents, though is not limited to, a site number or a VLAN tag mapped to a site number. This value is permanently stored, and then referenced along with an IPv4 address in real time by control and data plane elements to identify unique subscriber sessions in the presence of overlapping IP addresses.

The session qualifier operates as a component of the Sandvine Policy Engine. The Policy Engine is installed on the Sandvine platform, which consists of the Service Delivery Engine (SDE), an element focused on control plane intelligence, and the Policy Traffic Switch (PTS), an element focused on data plane enforcement. The PTS includes the ability to make real-time decisions on-wire that handle the extremely fast transaction rates associated with Layer-7 traffic. The two elements work interactively to manage subscriber awareness in support of usage-based data services and traffic optimization policies.

Session qualifiers are available for existing Sandvine installations through a standard software maintenance update. The SDE and PTS use the IP address and session qualifier together, coupling them to a value contained in the initial authentication process (e.g., site number) to uniquely identify subscriber sessions when applying policy.

Sandvine before the NAT

When the PTS is deployed before a NAT router has performed the address translation function, correct identification of a subscriber references the site number used during authentication (through RADIUS, DHCP or GTP-C).

A simple scenario is one in which different network policy control elements are partitioned to specific network spaces that have no overlapping IP addresses. In this case, proprietary identifiers for the network policy control element or interface, including an IP address, can be used to define the address space and become the third point of reference to resolve and achieve subscriber awareness.

A more complex example is where a single network policy control element or element cluster intersects all data plane traffic. In this case, overlapping IP addresses can reside on different VLANs of a trunk, with the VLAN tags and IP addresses together used to uniquely identify subscriber traffic.

For example, assume there are two networks sending traffic using IP addresses in the subnet range /8. Two subscribers in these networks may concurrently use the same IP address from that range, but the traffic of each subscriber resides on a different VLAN tag. Subscriber A sends a packet from , with VLAN tag 200 or 201. At the same time, subscriber B sends a packet from , with VLAN tag 300 or 301. In this case, all traffic with VLAN tag 200 or 201 can be assigned to a site, and all traffic with VLAN tag 300 or 301 can be assigned to a different site, as follows:
- VLAN tags 200 or 201 = site 1
- VLAN tags 300 or 301 = site 2

Figure 1 shows Sandvine's deployment when the address translation has not yet occurred.

Figure 1: Sandvine pre-NAT deployment

Signal flow

1. Networks of subscribers are using the overlapping IPv4 space.
2. The subscriber traffic comes in via multiple access networks. The subscriber is mapped to a private IPv4 address using RADIUS, DHCP or GTP-C at the time the subscriber joins the network. The different networks are on distinct VLANs when the traffic passes through the PTS.
3. The SDE receives the RADIUS or DHCP message and processes it to determine the private IPv4 address, user name and site. Any RADIUS or DHCP fields can be combined with arbitrary SandScript logic to determine the site. The SDE may receive the traffic from the multiple access network, or via a tee (real-time mirrored copy) from the PTS.
4. The SDE passes on the private IPv4 address, user name and site number to the SPB, which stores the information in its database and forwards the information to the PTS.
5. The VLAN-tagged packets come into the PTS cluster. The PTS translates the VLAN tags into site numbers according to the PTS element's configuration.
6. The PTS uses the private IPv4 address and site number to uniquely identify subscribers, and then performs subscriber-aware policy. If the PTS does not know to which subscriber the IP address/site number mapping belongs, it looks up the information on the Subscriber Policy Broker (SPB, the solution storage layer).
7. One or more NAT routers translate the traffic to public IPv4 addresses.
8. Packets continue on to their Internet destinations.

Post-NAT Integration Port-Range Mappings

When the PTS is deployed outside the NAT, the source and destination IP of traffic has changed. For Internet-bound packets, source IP and source port are changed by the NAT before PTS inspection, and for subscriber-bound packets, the destination IP and destination port are altered after the PTS element inspects traffic. In this case Sandvine's SDE and PTS elements achieve subscriber awareness using the subscriber's private IPv4 address, network identifier and a unique TCP port number referenced from a lookup table on the NAT device. Sandvine supports multiple NAT routers and both private and public addresses, with the subscriber mapping again occurring beneath the policy layer to facilitate consistent policy across the network.

Sandvine after the NAT

To accommodate a post-NAT environment, the network policy control solution must have the ability to integrate with the address translation architecture.
Sandvine's SDE supports SandScript policies that can negotiate with the NAT device to segregate IP addresses according to the network's translation architecture, such as unique port numbers assigned to blocks of IPs. Figure 2 shows Sandvine's post-NAT deployment.

Figure 2: Sandvine post-NAT deployment

Signal flow

1. Networks of subscribers are using the overlapping IPv4 space.
2. The subscriber traffic comes in via multiple access networks. The subscriber is mapped to a private IPv4 address using RADIUS, DHCP or GTP-C at the time the subscriber joins the network.
3. The following steps can happen in either order:
   a. One or more NATs translate the traffic to public IPv4 addresses. The unique identifier for subscriber traffic from here is an IP address with an assigned port range.
   b. An SDE receives the RADIUS or DHCP message from the AAA server and processes it to determine the private IPv4 address and subscriber user name mapping.
4. An SDE receives the public NAT address and port range mapping from the CGN (can be a different SDE). The SDE maps the subscriber's private IPv4 address with the public NAT address and port range.
5. The SDE passes information to the Sandvine persistence layer (SPB) in two streams:
   a. the mapping of qualified private IPv4 address to subscriber user name
   b. the mapping of qualified private IPv4 address to public NAT address/port range mapping
6. The data streams and their associated relationships are stored separately, but the SPB joins the two data streams if and when necessary to notify the PTS of conditions requiring subscriber-specific actions.
7. The PTS uses the state information from the SPB to uniquely identify subscribers and perform subscriber-aware policy (e.g., metering, congestion management, service tiers).
8. Packets continue on to their Internet destinations.

The Advantage of SandScript for Seamless Integration

A key differentiator of Sandvine technology is the way in which it approaches the creation and execution of policy. Sandvine's hardware hosts software products that execute the "if condition, then action" network policy paradigm using an open and highly-configurable policy language called SandScript.
Freeform policy supports the unrestricted ability to define and associate a complex set of fully-interactive, logic-based policy statements, any of which can affect a particular entity, such as a subscriber, in the desired context. SandScript is used to define feature-rich usage management and traffic management policies that can be infinite in both breadth and complexity.

With the use of session qualifiers, SandScript policies can continue to be written once and deployed throughout the network as though the NAT issue does not exist. Examples of subscriber-aware policies include mobile congestion management and online gaming promotions. Session qualifiers and port-range mappings configured beneath the policy layer seamlessly integrate with NAT operations as an aspect of the baseline function that maintains state for subscriber awareness, and this allows CSPs to apply homogeneous SandScript policy to all network traffic, regardless of the IP version.

Subscriber-aware state functions are maintained in a seamless fashion such that SandScript policies continue to operate as though the problem of overlapping addresses or NAT does not exist in the network. This is one advantage of having a freeform, script-based language to configure and execute real-time Layer-7 data flow evaluations and control plane decisions.

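The two lookups from the pre-NAT and post-NAT signal flows above, as an added Python example (not Sandvine code and not SandScript). The class and method names, the private address 10.1.2.3, the public address 203.0.113.7 and the port blocks are constructed assumptions; the VLAN-to-site table is the one from the paper's example.

```python
import bisect
from ipaddress import IPv4Address

# VLAN tag -> site number, as in the paper's example. The site number is
# the session qualifier that disambiguates overlapping private addresses.
VLAN_TO_SITE = {200: 1, 201: 1, 300: 2, 301: 2}


class SubscriberState:
    """Hypothetical stand-in for the state held in the storage layer."""

    def __init__(self):
        # Stream (a): qualified private IP (site, ip) -> subscriber user name.
        self._users = {}
        # Stream (b): public IP -> sorted [(port_lo, port_hi, site, private_ip)].
        self._blocks = {}

    def login(self, site, private_ip, user):
        self._users[(site, IPv4Address(private_ip))] = user

    def logout(self, site, private_ip):
        self._users.pop((site, IPv4Address(private_ip)), None)

    def add_nat_block(self, public_ip, port_lo, port_hi, site, private_ip):
        if not 0 < port_lo <= port_hi <= 65535:
            raise ValueError("invalid port range")
        blocks = self._blocks.setdefault(IPv4Address(public_ip), [])
        i = bisect.bisect_left(blocks, (port_lo,))
        # Overlapping blocks would attribute one flow to two subscribers.
        if i > 0 and blocks[i - 1][1] >= port_lo:
            raise ValueError("port range overlaps an existing block")
        if i < len(blocks) and blocks[i][0] <= port_hi:
            raise ValueError("port range overlaps an existing block")
        blocks.insert(i, (port_lo, port_hi, site, IPv4Address(private_ip)))

    def resolve_pre_nat(self, vlan_tag, src_ip):
        """Before the NAT: VLAN tag -> site, then (site, private IP) -> user."""
        site = VLAN_TO_SITE.get(vlan_tag)
        if site is None:
            return None  # traffic from a VLAN that is not mapped to a site
        return self._users.get((site, IPv4Address(src_ip)))

    def resolve_post_nat(self, public_ip, src_port):
        """After the NAT: (public IP, port) -> qualified private IP -> user."""
        blocks = self._blocks.get(IPv4Address(public_ip), [])
        # Find the last block whose lower bound is <= src_port.
        i = bisect.bisect_right(blocks, (src_port, 65536)) - 1
        if i < 0 or blocks[i][1] < src_port:
            return None  # port is not inside any assigned block
        _, _, site, private_ip = blocks[i]
        # Join stream (b) with stream (a); None if the session has ended.
        return self._users.get((site, private_ip))


def build_sample_state():
    """Constructed data: two subscribers sharing one private address."""
    state = SubscriberState()
    state.login(1, "10.1.2.3", "subscriber-a")
    state.login(2, "10.1.2.3", "subscriber-b")
    state.add_nat_block("203.0.113.7", 1024, 2047, 1, "10.1.2.3")
    state.add_nat_block("203.0.113.7", 2048, 3071, 2, "10.1.2.3")
    return state


if __name__ == "__main__":
    s = build_sample_state()
    print(s.resolve_pre_nat(200, "10.1.2.3"))       # same IP, site 1
    print(s.resolve_pre_nat(301, "10.1.2.3"))       # same IP, site 2
    print(s.resolve_post_nat("203.0.113.7", 1500))  # first port block
    print(s.resolve_post_nat("203.0.113.7", 4000))  # unassigned port
```

The same join is what an operator needs when attributing a logged public address and port back to a subscriber: without the port and a timestamp-valid mapping, a shared public address identifies no one.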
The Role of Business Intelligence for IPv6 Transition

It is important to note that a fully functional network policy control can help smooth the transition to IPv6. CSPs can capitalize on opportunities that emerge by examining IPv6 adoption trends on the network to be ahead of the curve in enabling IPv6 content for subscribers. Sandvine's ability to flexibly integrate with NAT solutions while delivering the full suite of differentiated Layer-7 services and traffic management capabilities enables a complete view of IPv6-related business intelligence. Network Demographics provides operational reports showing IPv6 and application usage. Network Analytics offers daily reports of pre-analyzed IPv6 trends for intelligent network planning, as shown by Figure 3.

Figure 3: Network Analytics IPv6 Transition Analysis by Application Type

Conclusion

This paper has shown that the best approach to enjoying the benefits of both NAT and advanced network policy control is to intelligently integrate with the network's ongoing transport evolution. A standalone network policy control solution should seamlessly integrate with the network's NAT operations so it continues to deliver the primary benefits of its design:
- A dedicated policy control application function for the network
- Deployment flexibility independent from network transport architecture
- Full traffic visibility with consistent, network-wide policy application

Sandvine's use of session qualifiers provides a simple and elegant solution that seamlessly integrates network policy control functions with existing and future NAT operations. Sandvine's innovative technology allows CSPs to continue the effective management of transport operations, network congestion and advanced Layer-7 services while maintaining deployment flexibility using the same SandScript policy across the breadth of the network.

Headquarters: Sandvine Incorporated ULC, Waterloo, Ontario, Canada
European Offices: Sandvine Limited, UK, Swindon, UK, sales@sandvine.co.uk

Copyright 2013 Sandvine Incorporated ULC. Sandvine and the Sandvine logo are registered trademarks of Sandvine Incorporated ULC. All rights reserved.
Virtualized Network Services SDN solution for service providers Nuage Networks Virtualized Network Services (VNS) is a fresh approach to business networking that seamlessly links your enterprise customers
More informationHOSTED VOICE Bring Your Own Bandwidth & Remote Worker. Install and Best Practices Guide
HOSTED VOICE Bring Your Own Bandwidth & Remote Worker Install and Best Practices Guide 2 Thank you for choosing EarthLink! EarthLinks' best in class Hosted Voice phone service allows you to deploy phones
More informationAvailability Digest. www.availabilitydigest.com. Redundant Load Balancing for High Availability July 2013
the Availability Digest Redundant Load Balancing for High Availability July 2013 A large data center can comprise hundreds or thousands of servers. These servers must not only be interconnected, but they
More informationNFV Reference Platform in Telefónica: Bringing Lab Experience to Real Deployments
Solution Brief Telefonica NFV Reference Platform Intel Xeon Processors NFV Reference Platform in Telefónica: Bringing Lab Experience to Real Deployments Summary This paper reviews Telefónica s vision and
More information5 Key Reasons to Migrate from Cisco ACE to F5 BIG-IP
5 Key Reasons to Migrate from Cisco ACE to F5 BIG-IP With support for Cisco ACE load balancer ending, organizations need to find an alternative. Contents Introduction 3 Advanced Architecture 3 Ease of
More informationNetwork Security Topologies. Chapter 11
Network Security Topologies Chapter 11 Learning Objectives Explain network perimeter s importance to an organization s security policies Identify place and role of the demilitarized zone in the network
More informationVIA COLLAGE Deployment Guide
VIA COLLAGE Deployment Guide www.true-collaboration.com Infinite Ways to Collaborate CONTENTS Introduction... 3 User Experience... 3 Pre-Deployment Planning... 3 Connectivity... 3 Network Addressing...
More informationVirtualized Security: The Next Generation of Consolidation
Virtualization. Consolidation. Simplification. Choice. WHITE PAPER Virtualized Security: The Next Generation of Consolidation Virtualized Security: The Next Generation of Consolidation As we approach the
More informationStarLeaf Network Guide
Network Guide Contents Introduction------------------------------------------------------------------------------------------------------------------------- 3 Registration to the ------------------------------------------------------------------------------------------
More informationService Automation Made Easy
Service Automation Made Easy Networks that know how to customize the network experience for every subscriber Challenge Service providers want to quickly develop and deliver personalized services their
More informationService Delivery Automation in IPv6 Networks
Service Delivery Automation in IPv6 Networks C. Jacquenet christian.jacquenet@orange.com Slide 1 Outline Rationale Beyond the SDN hype: a true need for automation Global framework From service negotiation
More informationKrishan Sabnani Bell Labs. Converged Networks of the Future
Krishan Sabnani Bell Labs Converged Networks of the Future Today s Networks 3G Cellular Networks Radio Controller Aggregation Access Enterprise Networks Metro Networks Access Packet-Based Network Aggregation
More informationIntelligent Policy Enforcement Solutions for Cloud Service Providers
Intelligent Policy Enforcement Solutions for Cloud Service Providers To do more with your application delivery network you need to see more. Imagine being able to view network activity down to the granular
More informationDMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch
DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)
More informationJ-Flow on J Series Services Routers and Branch SRX Series Services Gateways
APPLICATION NOTE Juniper Flow Monitoring J-Flow on J Series Services Routers and Branch SRX Series Services Gateways Copyright 2011, Juniper Networks, Inc. 1 APPLICATION NOTE - Juniper Flow Monitoring
More informationBroadCloud PBX Customer Minimum Requirements
BroadCloud PBX Customer Minimum Requirements Service Guide Version 2.0 1009 Pruitt Road The Woodlands, TX 77380 Tel +1 281.465.3320 WWW.BROADSOFT.COM BroadCloud PBX Customer Minimum Requirements Service
More informationThe Internet and the Public Switched Telephone Network Disparities, Differences, and Distinctions
The Internet and the Public Switched Telephone Network Disparities, Differences, and Distinctions This paper discusses the telephone network infrastructure commonly known as the Public Switched Telephone
More informationWeb Application Hosting Cloud Architecture
Web Application Hosting Cloud Architecture Executive Overview This paper describes vendor neutral best practices for hosting web applications using cloud computing. The architectural elements described
More informationRanch Networks for Hosted Data Centers
Ranch Networks for Hosted Data Centers Internet Zone RN20 Server Farm DNS Zone DNS Server Farm FTP Zone FTP Server Farm Customer 1 Customer 2 L2 Switch Customer 3 Customer 4 Customer 5 Customer 6 Ranch
More informationMINIMUM NETWORK REQUIREMENTS 1. REQUIREMENTS SUMMARY... 1
Table of Contents 1. REQUIREMENTS SUMMARY... 1 2. REQUIREMENTS DETAIL... 2 2.1 DHCP SERVER... 2 2.2 DNS SERVER... 2 2.3 FIREWALLS... 3 2.4 NETWORK ADDRESS TRANSLATION... 4 2.5 APPLICATION LAYER GATEWAY...
More informationConfiguring Oracle SDN Virtual Network Services on Netra Modular System ORACLE WHITE PAPER SEPTEMBER 2015
Configuring Oracle SDN Virtual Network Services on Netra Modular System ORACLE WHITE PAPER SEPTEMBER 2015 Introduction 1 Netra Modular System 2 Oracle SDN Virtual Network Services 3 Configuration Details
More informationCisco Quantum Policy Suite for BNG
Data Sheet Cisco Quantum Policy Suite for BNG Solution Overview The Cisco Quantum Policy Suite is a carrier-grade policy, charging, and subscriber data management software solution that enables service
More informationCisco Networking Professional-6Months Project Based Training
Cisco Networking Professional-6Months Project Based Training Core Topics Cisco Certified Networking Associate (CCNA) 1. ICND1 2. ICND2 Cisco Certified Networking Professional (CCNP) 1. CCNP-ROUTE 2. CCNP-SWITCH
More informationPacket filtering and other firewall functions
Packet filtering and other firewall functions Martin Krammer mk@sbox.tugraz.at Martin Krammer Graz, May 25, 2007 1 Overview Firewalls Principles Architectures Security aspects Packet filtering Principles
More information10 METRICS TO MONITOR IN THE LTE NETWORK. [ WhitePaper ]
[ WhitePaper ] 10 10 METRICS TO MONITOR IN THE LTE NETWORK. Abstract: The deployment of LTE increases dependency on the underlying network, which must be closely monitored in order to avert service-impacting
More informationIndustrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1
Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3
More informationNetwork Basics GRAPHISOFT. for connecting to a BIM Server. 2009 (version 1.0)
for connecting to a BIM Server GRAPHISOFT 2009 (version 1.0) Basic Vocabulary...3 Local Area Networks...5 Examples of Local Area Networks...5 Example 1: LAN of two computers without any other network devices...5
More informationProtecting a Corporate Network with ViPNet. Best Practices in Configuring the Appropriate Security Level in Your ViPNet Network
Protecting a Corporate Network with ViPNet Best Practices in Configuring the Appropriate Security Level in Your ViPNet Network Introduction Scope ViPNet technology protects information systems by means
More informationVM-Series for VMware. PALO ALTO NETWORKS: VM-Series for VMware
VM-Series for VMware The VM-Series for VMware supports VMware NSX, ESXI stand-alone and vcloud Air, allowing you to deploy next-generation firewall security and advanced threat prevention within your VMware-based
More informationThe VDC Maturity Model Moving Up the Virtual Data Center Stack
F5 White Paper The VDC Maturity Model Moving Up the Virtual Data Center Stack Defining the baseline and process of virtualization maturity for the data center. by Alan Murphy Technical Marketing Manager,
More informationDelivering Dedicated Internet Access (DIA) and IP Services with Converged L2 and L3 Access Device
Delivering Dedicated Internet Access (DIA) and IP Services with Converged L2 and L3 Access Device THE NEED Communications Service providers (CSPs) have been transitioning from legacy SONET/SDH to IP and
More informationData Communication and Computer Network
1 Data communication principles, types and working principles of modems, Network principles, OSI model, functions of data link layer and network layer, networking components, communication protocols- X
More informationIntel Ethernet Switch Load Balancing System Design Using Advanced Features in Intel Ethernet Switch Family
Intel Ethernet Switch Load Balancing System Design Using Advanced Features in Intel Ethernet Switch Family White Paper June, 2008 Legal INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL
More informationOverview of Routing between Virtual LANs
Overview of Routing between Virtual LANs This chapter provides an overview of virtual LANs (VLANs). It describes the encapsulation protocols used for routing between VLANs and provides some basic information
More informationNetworking Devices. Lesson 6
Networking Devices Lesson 6 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Network Interface Cards Modems Media Converters Repeaters and Hubs Bridges and
More informationInternet Protocol: IP packet headers. vendredi 18 octobre 13
Internet Protocol: IP packet headers 1 IPv4 header V L TOS Total Length Identification F Frag TTL Proto Checksum Options Source address Destination address Data (payload) Padding V: Version (IPv4 ; IPv6)
More informationBROADSOFT PARTNER CONFIGURATION GUIDE VEGASTREAM VEGA 100
BROADSOFT PARTNER CONFIGURATION GUIDE VEGASTREAM VEGA 100 JULY 2005 Version 1.0 BroadWorks Guide Copyright Notice Copyright 2005 BroadSoft, Inc. All rights reserved. Any technical documentation that is
More informationIntelligent Policy Enforcement for LTE Networks
The New Digital Lifestyle and LTE Intelligent Policy Enforcement for LTE Networks Mobile data networks are an essential tool in our hyperconnected society for streaming video, social networking, and collaboration.
More informationHow to Configure a BYOD Environment with the DWS-4026
Configuration Guide How to Configure a BYOD Environment with the DWS-4026 (MAC Authentication + Captive Portal) Overview This guide describes how to configure and implement BYOD environment with the D-Link
More informationLoad Balancing 101: Firewall Sandwiches
F5 White Paper Load Balancing 101: Firewall Sandwiches There are many advantages to deploying firewalls, in particular, behind Application Delivery Controllers. This white paper will show how you can implement
More informationIntroduction...3. Scope...3. Design Considerations...3. Hardware Requirements...3. Software Requirements...3. Description and Deployment Scenario...
APPLICATION NOTE Securing Virtualization in the Cloud-Ready Data Center Integrating vgw Virtual Gateway with SRX Series Services Gateways and STRM Series Security Threat Response Manager for Data Center
More informationFIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall
More informationSession Title: Exploring Packet Tracer v5.3 IP Telephony & CME. Scenario
Session Title: Exploring Packet Tracer v5.3 IP Telephony & CME Scenario With the scheduled release of Packet Tracer v5.3 in the near future, this case study is designed to provide you with an insight into
More informationBusiness Values of Network and Security Virtualization
Business Values of Network and Security Virtualization VMware NSX in the context of the Software Defined Data Center Klaus Jansen Virtual Networks Sales Specialist VMware NSBU 2014 VMware Inc. All rights
More informationHow To Extend Security Policies To Public Clouds
What You Will Learn Public sector organizations without the budget to build a private cloud can consider public cloud services. The drawback until now has been tenants limited ability to implement their
More informationSDN CENTRALIZED NETWORK COMMAND AND CONTROL
SDN CENTRALIZED NETWORK COMMAND AND CONTROL Software Defined Networking (SDN) is a hot topic in the data center and cloud community. The geniuses over at IDC predict a $2 billion market by 2016
More information